CNNVD-202509-3992 Information

CNNVD ID

CNNVD-202509-3992

Related CVE

CVE-2025-26278

• CNNVD Published: 2025-09-25

Description (Chinese)

dref是F-Secure LABS开源的一个DNS重新绑定利用框架。 dref 0.1.2版本存在安全漏洞，该漏洞源于lib.set函数存在原型污染，可能导致拒绝服务攻击。

Description (English)

dref is a DNS re-locking use framework for F-Secure LABS open source. There is a security loophole in version 0.1.2 of dref, which stems from the prototype contamination of the lib.set function, which may lead to a denial of service attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

F-Secure LABS

Published

2025-09-25

Last Modified

2026-02-24

References

https://gist.github.com/tariqhawis/ad92d5e683f3a5d83e0629955ff42ad7 https://github.com/OrangeShieldInfos/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-26278