494 matches found
Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...
Ruby Dragonfly <1.4.0 - Remote Code Execution
Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...
CVE-2026-54709
creationtimestamp| type| source ---|---|--- 2026-07-06 22:35:29+00:00| published-proof-of-concept| https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-fhf9-m53m-863g...
CVE-2026-54637
creationtimestamp| type| source ---|---|--- 2026-07-06 22:35:14+00:00| published-proof-of-concept| https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-chwm-m7g7-685g...
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...
GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...
PT-2026-56058
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to v2.4.4-rc.2 Description The scheduler's v1 gRPC service is vulnerable to an unauthenticated Server-Side Request Forgery SSRF. A remote attacker can force the scheduler to make HTTP GET requests to arbitrary internal...
CVE-2026-49254
creationtimestamp| type| source ---|---|--- 2026-07-02 20:35:02+00:00| published-proof-of-concept| https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-4q9j-6299-gxmr...
GHSA-4Q9J-6299-GXMR Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth
Summary The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body deserializes the entire manager/models.Oauth struct, which includes the clientsecret field. Any network-reachable attacker can read the OAuth client secrets configured f...
PT-2026-55450
Name of the Vulnerable Software and Affected Versions dragonfly versions prior to 2.4.4 Description The Dragonfly Manager fails to enforce authentication on specific API endpoints, allowing unauthenticated network-reachable attackers to retrieve sensitive OAuth client secrets. The issue occurs...
CVE-2026-47206
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...
CVE-2026-47206 Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...
CVE-2026-47206
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...
CVE-2026-47206
Dragonfly is an in-memory store. Before version 1.39.9, it is vulnerable to RESP protocol injection via Lua redis.error_reply() in EvalSerializer, allowing an authenticated user to inject arbitrary RESP messages into the connection’s response stream and potentially desynchronize responses for con...
SUSE CVE-2025-59353
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...
SUSE CVE-2026-24124
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...
GO-2026-4356 Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly
Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly...
CVE-2026-24124
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...
CVE-2026-24124
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...