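Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of the data, but please verify and judge it against your actual situation.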
Vulnerability Title
Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
Vulnerability Description
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
CVSS Information
N/A
Vulnerability Type
Improper Encoding or Escaping of Output
Vulnerability Title
DragonflyDB Dragonfly Improper Output Handling Vulnerability
Vulnerability Description
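DragonflyDB Dragonfly is a framework from DragonflyDB that can dynamically process any content type. DragonflyDB Dragonfly versions prior to 1.39.9 contain an improper output handling vulnerability. The vulnerability stems from a RESP protocol injection via Lua redis.error_reply() in the EvalSerializer component, which may allow an authenticated user to inject arbitrary RESP messages into the connection's response stream, causing response desynchronization in connection-pool clients.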
CVSS Information
N/A
Vulnerability Type
N/A
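
Added example (not from the advisory and not Dragonfly's code): RESP2 frames a simple error as a single CRLF-terminated line, so this sketch assumes the injection described above arises when script-supplied error text containing CR/LF is framed verbatim, a detail the page does not spell out. All function names are hypothetical; `count_replies` shows the desynchronization condition (more than one reply for one command) and how a sanitizing serializer keeps the count at one.

```python
# Added example: RESP2 simple-error framing, naive vs. hardened.
# All names are hypothetical; this is not Dragonfly's EvalSerializer code.

CRLF = b"\r\n"

def naive_error_reply(msg: str) -> bytes:
    """Vulnerable pattern: the script-supplied text is framed verbatim."""
    return b"-" + msg.encode() + CRLF

def safe_error_reply(msg: str) -> bytes:
    """Hardened pattern: a simple error is one line, so CR and LF are replaced."""
    cleaned = msg.replace("\r", " ").replace("\n", " ")
    return b"-" + cleaned.encode() + CRLF

def _skip_reply(buf: bytes, pos: int) -> int:
    """Return the offset just past the RESP2 reply that starts at pos."""
    end = buf.index(CRLF, pos)          # ValueError if the frame is truncated
    kind, line = buf[pos:pos + 1], buf[pos + 1:end]
    nxt = end + 2
    if kind in (b"+", b"-", b":"):      # simple string, error, integer
        return nxt
    if kind == b"$":                    # bulk string: length, payload, CRLF
        n = int(line)
        return nxt if n < 0 else nxt + n + 2
    if kind == b"*":                    # array: element count, then elements
        for _ in range(max(int(line), 0)):
            nxt = _skip_reply(buf, nxt)
        return nxt
    raise ValueError(f"unknown RESP type byte {kind!r}")

def count_replies(stream: bytes) -> int:
    """Count top-level replies the way a client parser would consume them."""
    pos, replies = 0, 0
    while pos < len(stream):
        pos = _skip_reply(stream, pos)
        replies += 1
    return replies

# Constructed sample: an error text carrying an embedded line break.
SAMPLE = "ERR script failed\r\n+OK"

if __name__ == "__main__":
    # One command must produce exactly one reply; anything else means a
    # pooled connection will hand a stale reply to the next caller.
    print("naive:", count_replies(naive_error_reply(SAMPLE)))
    print("safe: ", count_replies(safe_error_reply(SAMPLE)))
```

The same one-reply-per-command check can be used as a regression test against any server-side serializer that accepts script-controlled error strings.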