1. Home
  2. CVE Database
  3. CVE-2024-11822
HIGH · 7.5

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make...

Vulnerability Description

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal servers and potentially expose sensitive information, including access to the AWS metadata endpoint.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
DifyDify0.9.1

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2024-11822?

CVE-2024-11822 is a vulnerability with a CVSS score of 7.5 (HIGH). langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make...

How severe is CVE-2024-11822?

CVE-2024-11822 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-11822?

Check the references section above for vendor advisories and patch information. Affected products include: Dify Dify.