CNNVD-202507-656 Information

CNNVD ID

CNNVD-202507-656

CVE-2025-3466

  • CNNVD Published: 2025-07-07

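Description (translated from Chinese)

dify is an open-source LLM application development platform from LangGenius. dify versions 1.1.0 to 1.1.2 contain a security vulnerability that stems from unsanitized code node input and may lead to arbitrary code execution.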

Description (English)

Dify is an open-source LLM application development platform from LangGenius. Versions 1.1.0 to 1.1.2 contain a security vulnerability that stems from unsanitized input to the code node and may lead to arbitrary code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

LangGenius

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/f8dc17a3-5536-4944-a680-24070903cd2d
  • https://github.com/langgenius/dify/commit/1be0d26c1feb4bcbbdd2b4ae4eeb25874aadaddb
  • https://access.redhat.com/security/cve/cve-2025-3466

Patch

https://github.com/langgenius/dify/releases
