Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery (SSRF) in langgenius/dify
Vulnerability Description
langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal servers and potentially expose sensitive information, including access to the AWS metadata endpoint.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
dify 安全漏洞
Vulnerability Description
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 0.9.1版本存在安全漏洞,该漏洞源于api_endpoint参数处理不当,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A