Lucene search
InfiniflowRagflow
2 matches found
CVE-2024-12779
A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/add_llm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the api_base when adding an OPENAITTS model, and subsequently a...
7.5CVSS6.5AI score0.00049EPSS
Web
CVE-2024-53450
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.
7.5CVSS6.9AI score0.00182EPSS