CVE-2023-27584: Dragonfly2 has hard coded cyptographic key
(updated )
Hello dragonfly maintainer team, I would like to report a security issue concerning your JWT feature.
References
- github.com/advisories/GHSA-hpc8-7wpm-889w
- github.com/dragonflyoss/Dragonfly2
- github.com/dragonflyoss/Dragonfly2/commit/e9da69dc4048bf2a18a671be94616d85e3429433
- github.com/dragonflyoss/Dragonfly2/releases/tag/v2.0.9
- github.com/dragonflyoss/dragonfly/commit/684469a31bd27d38c715c507bca9f6d2c21f9007
- github.com/dragonflyoss/dragonfly/security/advisories/GHSA-hpc8-7wpm-889w
- nvd.nist.gov/vuln/detail/CVE-2023-27584
Code Behaviors & Features
Detect and mitigate CVE-2023-27584 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →