CVE-2024-12775: langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for
Summary
Dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability, a weakness in which an attacker tricks a server into making requests to unintended targets. Through the 'Create Custom Tool' REST API endpoint, an attacker can manipulate the URL parameter so that the victim's server accesses web resources it was not meant to reach, using the server's own credentials.
Vulnerability Details
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-12775
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%