CVE-2024-10131

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10131

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10131.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10131

Published

2024-10-19T04:15:05Z

Modified

2025-03-18T14:45:17.978645Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input req['llm_factory'] and req['llm_name'] to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code.

References

https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa

Affected packages

Git / github.com/infiniflow/ragflow

Affected ranges

Type: GIT
Repo: https://github.com/infiniflow/ragflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2f33ec7ad07db037482ef5cfa58df1b3dd0727a5

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0