CNNVD-202601-3937 Information
CNNVD ID
CNNVD-202601-3937
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
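Dragonfly is a framework open-sourced by DragonflyDB that can dynamically process any content type. Dragonfly 2.4.1-rc.0 and earlier versions contain an access control error vulnerability, which stems from the Job API endpoints lacking JWT authentication and RBAC authorization checks and may allow unauthenticated users to view, update, and delete jobs.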
Description (English)
Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. Dragonfly 2.4.1-rc.0 and earlier versions have an access control error vulnerability, which stems from the absence of JWT authentication and RBAC authorization checks at the Job API endpoint and may allow unauthenticated users to view, update, and delete jobs.
Hazard Level
Low
Vulnerability Type
Access control error
Affected Vendor
DragonflyDB
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/dragonflyoss/dragonfly/commit/9fb9a2dfde3100f32dc7f48eabee4c2b64eac55f
https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-j8hf-cp34-g4j7
https://access.redhat.com/security/cve/cve-2026-24124
Patch
https://github.com/dragonflyoss/dragonfly/releases