2 matches found
GHSA-HX2H-VJW2-8R54 DragonFly has weak integrity checks for downloaded files
Impact The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any...
GHSA-G2RQ-JV54-WCPR Dragonfly vulnerable to server-side request forgery
Impact There are multiple server-side request forgery SSRF vulnerabilities in the DragonFly2 system. The vulnerabilities enable users to force DragonFly2’s components to make requests to internal services, which otherwise are not accessible to the users. One SSRF attack vector is exposed by the...