CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

Posted by Angelo Barbosa | Oct 19, 2024 | CVE

A vulnerability classified as very critical has been found in infiniflow ragflow up to 0.11.0. Affected is the function add_llm of the file llm_app.py. The manipulation of the argument req[‘llm_factory’]/req[‘llm_name’] leads to command injection.

This vulnerability is traded as CVE-2024-10131. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

Related Posts

CVE-2024-46606 | Piwigo 14.5.0 /admin.php?page=photo Description cross site scripting

CVE-2024-23600 | Ping Identity OPENIDM up to 7.5.0 Query Search Result information disclosure

CVE-2023-7161 | Netentsec NS-ASG Application Security Gateway 6.3.1 Login index.php check_VirtualSiteId sql injection

CVE-2023-49038 | Buffalo LS210D 1.78-0.03 Ping Utility os command injection