Skip to main content

Ragflow CVE-2024-10131

HIGH
Code Injection (CWE-94)
2024-10-19 security@huntr.dev
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 19, 2024 - 04:15 nvd
HIGH 8.8

DescriptionNVD

The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input req['llm_factory'] and req['llm_name'] to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code.

AnalysisAI

The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input req['llm_factory'] and req['llm_name'] to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. Affected products include: Infiniflow Ragflow. Version information: version 0.11.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2024-12433 CRITICAL POC
9.8 Mar 20

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. Rated critical severity (CVSS 9

CVE-2026-24770 CRITICAL POC
9.8 Jan 27

Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary fil

CVE-2024-12450 CRITICAL POC
9.8 Mar 20

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities.

CVE-2025-27135 HIGH POC
8.9 Feb 25

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Rated high severity (CVSS 8.9), this vulnerabilit

CVE-2025-25282 HIGH POC
8.1 Feb 21

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. Rated high s

CVE-2024-12779 HIGH POC
7.5 Mar 20

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. Rated high severity (CVS

CVE-2024-53450 HIGH POC
7.5 Dec 09

RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents

CVE-2024-12880 MEDIUM POC
6.5 Mar 20

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data query

CVE-2024-12871 MEDIUM POC
5.4 Mar 20

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowl

CVE-2026-58579 MEDIUM POC
5.1 Jul 02

Stored XSS in RAGFlow before 0.26.3 enables cross-user JavaScript execution through unsanitized agent pipeline node name

CVE-2025-48187 CRITICAL POC
9.1 May 17

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against

CVE-2024-12869 MEDIUM POC
4.3 Mar 20

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view anot

Share

CVE-2024-10131 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy