Lucene search
K

11 matches found

OSV
OSV
added 4 days ago5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
Github Security Blog
Github Security Blog
added 4 days ago9 views

Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.3AI score
Exploits0References11Affected Software1
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.3 views

PT-2025-38274

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly, an open source P2P-based file distribution and image acceleration system, is susceptible to a Man-in-the-Middle attack. The scheduler for downloading small files was configured to use th...

9.9CVSS9.1AI score0.02829EPSS
Exploits11References45
Rows per page
Query Builder