Server-Side Request Forgery Vulnerability in Dify by Langgenius
CVE-2025-0184
6.5MEDIUM
What is CVE-2025-0184?
A vulnerability was found in Dify, a product by Langgenius, where a Server-Side Request Forgery (SSRF) could be exploited through the 'Create Knowledge' feature. This issue arises during the upload of DOCX files that contain external relationships, which, due to improper handling, allow URLs to be requested directly via the 'requests' module instead of routing through the 'ssrf_proxy'. This oversight poses a risk of exposing sensitive information or facilitating unauthorized access. The vulnerability was addressed and resolved in version 0.11.0.
Affected Version(s)
langgenius/dify < 0.11.0