Code Injection Vulnerability in Dify Sandbox Service by Langgenius
CVE-2024-10252
8.8 HIGH
What is CVE-2024-10252?
A code injection vulnerability in the Dify sandbox service, affecting langgenius/dify versions up to v0.9.1, can be exploited through internal Server-Side Request Forgery (SSRF) requests. An attacker who leverages this flaw can execute arbitrary Python code with root privileges in the sandbox environment. This may result in the deletion of the entire sandbox service, potentially causing irreversible damage and compromising the application's integrity.
Affected Version(s)
langgenius/dify < 0.2.10