3 matches found
CVE-2024-12450
In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...
PT-2025-12136 · Unknown +1 · Infiniflow/Ragflow +1
Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.12.0 Description: The web crawl function in document app.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal networ...
CVE-2024-53450
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents...