6 matches found
CVE-2025-3466
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3466
creationtimestamp| type| source ---|---|--- 2025-07-07 11:46:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lteplz7fyx2m 2025-08-06 01:04:20+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81 2025-08-21 10:03:56+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81...
CVE-2025-3466
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3466 Unsanitized Input in langgenius/dify
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3466 Unsanitized Input in langgenius/dify
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...
CVE-2025-3466
CVE-2025-3466 affects langgenius/dify versions 1.1.0–1.1.2. Root cause is unsanitized input in the code node that enables overriding global JavaScript functions (e.g., parseInt) before sandbox restrictions, allowing arbitrary code execution with full root permissions. Documented impact includes a...