EUVD-2026-30774
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
CVE-2025-29720
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify v1.0, which stems from a server-side request forgery in the component controllers.console.remotefiles.RemoteFileUploadApi...
CVE-2025-29720
CVE-2025-29720 describes a Server-Side Request Forgery (SSRF) in Dify via controllers.console.remote_files.RemoteFileUploadApi affecting Dify v1.0 (and references to v1.6.0 in related advisories). The underlying issue is a component exposure that can be triggered locally with user interaction req...