CVE-2024-12779

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-12779
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-12779.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-12779
Published
2025-03-20T10:15:30Z
Modified
2025-04-02T09:05:01.175080Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability involves the POST /v1/llm/add_llm and POST /v1/conversation/tts endpoints. An attacker can supply an arbitrary URL as the api_base when adding an OPENAITTS model; the server stores it without validation and, when the tts REST API endpoint is later called, issues a request to that URL and returns its contents to the caller. This allows unauthenticated (PR:N) attackers to read internal web resources reachable from the ragflow server. The affected-range data below records no fixing commit, and v0.12.0 is the newest tag listed as affected.

References

Affected packages

Git / github.com/infiniflow/ragflow

Affected ranges

Type
GIT
Repo
https://github.com/infiniflow/ragflow
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

v0.*

v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v0.10.0
v0.11.0
v0.12.0