CNNVD-202509-4453 Information
Sep 30, 2025
cve
CNNVD ID
CNNVD-202509-4453
Related CVE
- CNNVD Published: 2025-09-30
Description (Chinese)
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.6.0版本存在安全漏洞,该漏洞源于controllers.console.remote_files.RemoteFileUploadApi组件存在服务端请求伪造,可能导致服务端请求伪造攻击。
Description (English)
Diffy is an open source LLM application development platform for LangGenius open source. Version 1.6.0 contains a security loophole that originates from the existence of a service-end request for forgery of the component of controlrs.console.remote files.RemoteFileUploadApi, which may lead to a request for forgery of the attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LangGenius
Published
2025-09-30
Last Modified
2026-02-24
References
https://github.com/langgenius/dify/issues/22532
Patch
https://github.com/langgenius/dify/releases
Share on: