Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Server-Side Request Forgery (SSRF) in langgenius/dify
CVE-2025-0184
Description
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SSRF vulnerability. This issue was fixed in version 0.11.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =0.10.2
- langgenius/langgenius/difyv5Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.