5 matches found
EUVD-2025-7034
Malicious code in bioql PyPI...
CVE-2024-11821
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...
CVE-2024-11821 Privilege Escalation in langgenius/dify
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...
CVE-2024-11821 Privilege Escalation in langgenius/dify
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...
CVE-2024-11821
CVE-2024-11821 affects langgenius/dify 0.9.1. The issue is a privilege escalation where a normal user can modify Orchestrate instructions for an admin-created chatbot due to improper access control on the endpoint /console/api/apps/{chatbot-id}/model-config. The CVE entry lists a CVSSv3 base scor...