Vulnerability Information
Vulnerability Title
Dify has IDOR in deleting someone else's chat conversation
Vulnerability Description
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.
CVSS Information
N/A
Vulnerability Type
Incorrect Authorization
Vulnerability Title
Dify security vulnerability
Vulnerability Description
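Dify is an open-source LLM application development platform from LangGenius. Versions of Dify prior to 1.13.1 contain a security vulnerability that stems from insufficient authorization checking in the `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` method, which may allow any user to delete other users' chat history.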
CVSS Information
N/A
Vulnerability Type
N/A