mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
927 B
927 B
CVE-2025-0184
&color=brightgreen)
Description
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SSRF vulnerability. This issue was fixed in version 0.11.0.
POC
Reference
No PoCs from references.