CNNVD-202506-2129 Information

CNNVD ID

CNNVD-202506-2129

Related CVE

CVE-2025-49149

• CNNVD Published: 2025-06-17

Description (Chinese)

dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.2.0版本存在跨站脚本漏洞，该漏洞源于用户输入过滤不足，可能导致跨站脚本攻击。

Description (English)

Diffy is an open source LLM application development platform for LangGenius open source. Version 1.2.0 has a cross-site script loophole, which stems from inadequate user input filters and may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

LangGenius

Published

2025-06-17

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/security/advisories/GHSA-grmh-ww4v-5cgj https://nvd.nist.gov/vuln/detail/CVE-2025-49149

Patch

https://github.com/langgenius/dify/releases