{"data":{"id":"ece86da8-3079-4c15-a8bb-0261e771a715","title":"CVE-2024-12775: langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the 'Create Custom Tool' REST API endpoint","summary":"Dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability, a weakness in which an attacker tricks a server into making requests to unintended targets. Through the test functionality of the 'Create Custom Tool' REST API endpoint, attackers can manipulate the URL parameter to make the victim's server access unauthorized web resources using the server's own credentials.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-12775","publishedAt":"2025-03-20T14:15:30.117Z","cveId":"CVE-2024-12775","cweIds":["CWE-918"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Dify","langgenius/dify"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00103,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}