Lucene search
K

4 matches found

NVD
NVD
added 2025/09/17 8:15 p.m.14 views

CVE-2025-59347

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...

6.9CVSS0.00159EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:58 p.m.18 views

CVE-2025-59410

Dragonfly CVE-2025-59410 affects the scheduler used for downloading tiny files prior to version 2.1.0, where the code path defaults to HTTP instead of HTTPS. This enables a potential Man-in-the-Middle attack to alter the data piece downloaded during the process. The issue is fixed in 2.1.0. The a...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/09/17 7:46 p.m.8 views

CVE-2025-59351 Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0...

6.9CVSS6.7AI score0.00293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.4 views

CVE-2023-27584

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS6.9AI score0.33618EPSS
Exploits1References1
Rows per page
Query Builder