4 matches found
CVE-2024-12779
A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...
CVE-2024-12779 SSRF in infiniflow/ragflow
A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...
CVE-2024-12779 SSRF in infiniflow/ragflow
A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...
CVE-2024-12779
A Server-Side Request Forgery (SSRF) vulnerability affects infiniflow/ragflow version 0.12.0, in POST /v1/llm/add_llm and POST /v1/conversation/tts. An attacker can supply an arbitrary URL as api_base when adding an OPENAITTS model, then access the tts endpoint to read contents from that URL, pot...