CVE-2024-12869 Improper Authentication in infiniflow/ragflow

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed...

CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...

CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...

CVE-2024-12871

CVE-2024-12871 describes a stored XSS in infiniflow/ragflow (0.12.0) where uploading a malicious PDF to the knowledge base leads to payload execution when viewed in Ragflow. The impact stated across sources includes session hijacking, data exfiltration, and unauthorized actions performed in the u...

CVE-2024-12450

CVE-2024-12450 affects infiniflow/ragflow 0.12.0, where web_crawl in document_app.py does not filter URL parameters, enabling Full Read SSRF to access internal addresses via the generated PDFs, and allows Arbitrary File Read through the file:// protocol. The underlying Chromium headless is used w...

CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

CVE-2024-12870 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

A stored cross-site scripting XSS vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch cec2080. The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' conten...

CVE-2024-12870 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

A stored cross-site scripting XSS vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch cec2080. The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' conten...

CVE-2024-12870

CVE-2024-12870 describes a stored XSS in infiniflow/ragflow on the main branch (commit cec2080). The vulnerability allows uploading HTML/XML files served as application/xml, which browsers render, enabling arbitrary JavaScript execution in the user’s browser. Impact stated: potential cookie theft...

CVE-2024-12433 Remote Code Execution in infiniflow/ragflow

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVE-2024-12433 Remote Code Execution in infiniflow/ragflow

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVE-2024-12433

CVE-2024-12433 affects infiniflow/ragflow v0.12.0. The RPC server uses a hard-coded AuthKey (authkey=b'infiniflow-token4kevinhu') and deserializes incoming data with pickle.loads() on connection.recv(), enabling remote code execution. Fixed in v0.14.0. A PoC/proof-of-concept is available in publi...

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

CVE-2024-12880

The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...

RAGFlow 授权问题漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. An authorization issue vulnerability exists in RAGFlow version 0.13.0, which stems from not handling tenant IDs correctly and could lead to partial account takeover...

PT-2025-12136 · Unknown +1 · Infiniflow/Ragflow +1

Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.12.0 Description: The web crawl function in document app.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal networ...

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that originates from an unvalidated URL and could lead to a server-side request forgery attack...

CVE-2024-10131

The addllm function in llmapp.py in infiniflow/ragflow version 0.11.0 contains a remote code execution RCE vulnerability. The function uses user-supplied input req'llmfactory' and req'llmname' to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to...

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.13.0, which stems from improper access control of document-hooks.ts and allows unauthorized access to user documents...

CVE-2024-10131

The addllm function in llmapp.py in infiniflow/ragflow version 0.11.0 contains a remote code execution RCE vulnerability. The function uses user-supplied input req'llmfactory' and req'llmname' to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to...