D7y Dragonfly
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in D7y Dragonfly.
By the Year
In 2026 there have been 0 vulnerabilities in D7y Dragonfly. Dragonfly did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Dragonfly vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D7y Dragonfly Security Vulnerabilities
Dragonfly <=2.0.9 JWT Secret Hardcoded Enables Auth Bypass
CVE-2023-27584
9.8 - Critical
- September 19, 2024
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Use of Hard-coded Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for D7y Dragonfly or by D7y? Click the Watch button to subscribe.
