Vulnerability Database

299,038

Total vulnerabilities in the database

CVE-2024-12775

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API POST /console/api/workspaces/current/tool-provider/api/test/pre. Attackers can set the url in the servers dictionary in OpenAI's schema with arbitrary URL targets, allowing them to abuse the victim server's credentials to access unauthorized web resources.

Published: Mar 20, 2025
Updated: Jul 15, 2025
CVE: CVE-2024-12775
Exploit:

No technical information available.

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
langgenius / dify	0.10.1	0.10.1.x

https://huntr.com/bounties/e90e929a-9bc9-46ad-a5e5-1f6f124d0f12

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo