6 matches found
EUVD-2025-29776
Malicious code in bioql PyPI...
CVE-2025-59347
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
CVE-2025-59347
CVE-2025-59347 affects Dragonfly before version 2.1.0, where the Manager disables TLS certificate verification in HTTP clients and cannot re-enable it; an attacker performing a network-level MITM can supply invalid data to the Manager, causing the preheater to operate on wrong data, leading to de...
CVE-2025-59347 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
CVE-2025-59347 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
The Manager disables TLS certificate verification in two HTTP clients figures 3.1 and 3.2. The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthTokenctx context.Context, header http.Header string, error skipped client := &http.Client Timeout:...