Unrated severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025
Authentication Bypass in langgenius/dify
CVE-2024-12776
Description
In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.
Affected products (2)
- Range: = 0.10.1
- langgenius/langgenius/dify · v5 · Range: unspecified