Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/07/09 10:22 a.m.5 views

CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

9.8CVSS9.6AI score0.00718EPSS
Exploits1References1
circl
circl
added 2025/07/07 11:46 a.m.19 views

CVE-2025-3466

creationtimestamp| type| source ---|---|--- 2025-07-07 11:46:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lteplz7fyx2m 2025-08-06 01:04:20+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81 2025-08-21 10:03:56+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81...

9.8CVSS7.3AI score0.00718EPSS
Exploits1References1
nvd
nvd
added 2025/07/07 10:15 a.m.7 views

CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

9.8CVSS0.00718EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/07/07 9:55 a.m.6 views

CVE-2025-3466 Unsanitized Input in langgenius/dify

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

9.8CVSS9.6AI score0.00718EPSS
Exploits1References2
cvelist
cvelist
added 2025/07/07 9:55 a.m.10 views

CVE-2025-3466 Unsanitized Input in langgenius/dify

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

9.8CVSS0.00718EPSS
Exploits1References2
cve
cve
added 2025/07/07 9:55 a.m.83 views

CVE-2025-3466

CVE-2025-3466 affects langgenius/dify versions 1.1.0–1.1.2. Root cause is unsanitized input in the code node that enables overriding global JavaScript functions (e.g., parseInt) before sandbox restrictions, allowing arbitrary code execution with full root permissions. Documented impact includes a...

9.8CVSS9.6AI score0.00718EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder