4 matches found
EUVD-2025-204302
A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
PT-2025-52262
Name of the Vulnerable Software and Affected Versions Dify version 1.9.1 Description A Cross-Origin Resource Sharing CORS misconfiguration exists in the /console/api/setup endpoint. The endpoint has an insecure CORS policy that reflects any Origin header and allows Access-Control-Allow-Credential...
CVE-2025-63386
A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
CVE-2025-63386
CVE-2025-63386 affects Dify v1.9.1, specifically the /console/api/setup endpoint. The vulnerability arises from a misconfigured CORS policy that reflects any Origin header and sets Access-Control-Allow-Credentials: true, allowing arbitrary external domains to make authenticated requests. Impact i...