漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server-Side Request Forgery (SSRF) in langgenius/dify
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SSRF vulnerability. This issue was fixed in version 0.11.0.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
dify 代码问题漏洞
Vulnerability Description
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 0.10.2版本存在代码问题漏洞,该漏洞源于Create Knowledge部分上传DOCX文件时容易受到服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A