Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 1:12 p.m.17 views

CVE-2024-12450

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

9.8CVSS7.6AI score0.01211EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.18 views

CVE-2024-12450

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

9.8CVSS0.01211EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.20 views

CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

6.5CVSS0.01211EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:11 a.m.10 views

CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

6.5CVSS6.7AI score0.01211EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:11 a.m.49 views

CVE-2024-12450

CVE-2024-12450 affects infiniflow/ragflow 0.12.0, where web_crawl in document_app.py does not filter URL parameters, enabling Full Read SSRF to access internal addresses via the generated PDFs, and allows Arbitrary File Read through the file:// protocol. The underlying Chromium headless is used w...

9.8CVSS7.6AI score0.01211EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder