CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

Posted by Angelo Barbosa | Oct 19, 2024 | CVE

A vulnerability classified as very critical has been found in infiniflow ragflow up to 0.11.0. Affected is the function add_llm of the file llm_app.py. The manipulation of the argument req[‘llm_factory’]/req[‘llm_name’] leads to command injection.

This vulnerability is traded as CVE-2024-10131. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

Related Posts

CVE-2021-42145 | Contiki-NG TinyDTLS up to 2018-08-30 check_certificate_request denial of service

CVE-2024-1022 | CodeAstro Simple Student Result Management System 5.6 Add Class Page /add_classes.php Class Name cross site scripting

CVE-2024-6687 | CTT Expresso para WooCommerce Plugin up to 3.2.12 on WordPress file information disclosure

CVE-2024-6889 | Secure Copy Content Protection and Content Locking Plugin Setting cross site scripting