 
      
    Security Advisories for github.com/dragonflyoss/dragonfly in go
      
        Moderate
      
    
      
  
          about 1 month ago
    
    DragonFly's tiny file download uses hard coded HTTP protocol
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    DragonFly has weak integrity checks for downloaded files
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        High
      
    
      
  
          about 1 month ago
    
    DragonFly's manager generates mTLS certificates for arbitrary IP addresses
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    DragonFly vulnerable to arbitrary file read and write on a peer machine
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Low
      
    
      
  
          about 1 month ago
    
    Dragonfly's directories created via os.MkdirAll are not checked for permissions
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    Dragonfly incorrectly handles a task structure’s usedTrac field
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        Moderate
      
    
      
  
          about 1 month ago
    
    Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        High
      
    
      
  
          about 1 month ago
    
    Dragonfly vulnerable to server-side request forgery
        
        go
        
        github.com/dragonflyoss/dragonfly
      
    
      
        High
      
    
      
  
          about 1 month ago
    
    Dragonfly doesn't have authentication enabled for some Manager’s endpoints
        
        go
        
        github.com/dragonflyoss/dragonfly