Lucene search
+L

4 matches found

nvd
nvd
added 2025/03/20 10:15 a.m.24 views

CVE-2024-12779

A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...

7.5CVSS0.0061EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:11 a.m.26 views

CVE-2024-12779 SSRF in infiniflow/ragflow

A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...

6.5CVSS0.0061EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:11 a.m.9 views

CVE-2024-12779 SSRF in infiniflow/ragflow

A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...

6.5CVSS6.7AI score0.0061EPSS
Exploits1References3
cve
cve
added 2025/03/20 10:11 a.m.81 views

CVE-2024-12779

A Server-Side Request Forgery (SSRF) vulnerability affects infiniflow/ragflow version 0.12.0, in POST /v1/llm/add_llm and POST /v1/conversation/tts. An attacker can supply an arbitrary URL as api_base when adding an OPENAITTS model, then access the tts endpoint to read contents from that URL, pot...

7.5CVSS6.5AI score0.0061EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder