PT-2024-16051 · Infiniflow · Ragflow
Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.11.0 Description: The issue concerns a remote code execution vulnerability in the add llm function, located in llm app.py. This function utilizes user-supplied input, specifically req'llm factory' and req'llm name...