CNNVD-202512-3442 Information

CNNVD ID

CNNVD-202512-3442

Related CVE

CVE-2025-63386

• CNNVD Published: 2025-12-18

Description (Chinese)

dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.9.1版本存在安全漏洞，该漏洞源于CORS配置不当，可能导致跨域认证请求。

Description (English)

Diffy is an open source LLM application development platform for LangGenius open source. There is a security loophole in version 1.9.1, which stems from the inappropriate configuration of COREs and may lead to cross-domain authentication requests.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

LangGenius

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/pull/32224 https://gist.github.com/Cristliu/8ad993126be05c9210c71cc7d49fa112 https://gist.github.com/Cristliu/1610daac87c711ac3e0250c58f5cc4f9 https://github.com/langgenius/dify/discussions https://access.redhat.com/security/cve/cve-2025-63386

Patch

https://github.com/langgenius/dify/releases