2 matches found
CVE-2024-12776 Authentication Bypass in langgenius/dify
In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...
CVE-2024-12776
CVE-2024-12776 affects langgenius/dify v0.10.1. The issue is that the /forgot-password/resets endpoint does not verify the password reset code, enabling an attacker to reset the password of any user, including administrators, potentially leading to full compromise of the application. Root cause: ...