CNNVD-202512-3414 Information
CNNVD ID
CNNVD-202512-3414
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.9.1版本存在安全漏洞,该漏洞源于权限不当,可能导致未授权访问系统配置数据。
Description (English)
Diffy is an open source LLM application development platform for LangGenius open source. There is a security loophole in version 1.9.1, which stems from inappropriate privileges and may lead to unauthorized access to system configuration data.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
LangGenius
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/langgenius/dify/pull/31392 https://gist.github.com/Cristliu/cddc0cbbf354de51106ab63a11be94af https://github.com/langgenius/dify/issues/31368#issuecomment-3783712203 https://gist.github.com/Cristliu/dfc5f3a31dc6d7fff2754867e5c649a5 https://github.com/langgenius/dify/discussions https://github.com/langgenius/dify/pull/31417 https://access.redhat.com/security/cve/cve-2025-63387
Patch
https://github.com/langgenius/dify/releases
Share on: