Dragonfly 安全漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from the proxy function access control mechanism using simple string comparisons, which is vulnerable to...

Dragonfly 代码问题漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A code issue vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from the Manager API accepting a user-supplied URL with insufficient validation when creating a Preheat jo...

Dragonfly 信任管理问题漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A trust management issue vulnerability exists in Dragonfly versions prior to 2.1.0 that stems from disabling TLS certificate validation, which could lead to man-in-the-middle attacks and...

Dragonfly 安全漏洞

Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly prior to version 2.0.9 that stems from Dragonfly's use of hard-coded JWT to authenticate users, which could lead to authentication bypass...

Dragonfly 代码问题漏洞

Dragonfly is a framework that allows dynamic processing of any content type. A code issue vulnerability exists in Dragonfly version v0.3.0-SNAPSHOT, which stems from the fact that it is not configured with DocumentBuilderFactory allowing an attacker to implement XML external entity attacks...