漏洞描述
在 Dify v1.0 中发现了一个服务器端请求伪造(Server-Side Request Forgery, SSRF)漏洞,该漏洞位于`controllers.console.remote_files.RemoteFileUploadApi` 组件。
Dify存在SSRF漏洞(CVE-2025-29720)
PoC代码
暂无相关漏洞推荐
- Dify /console/api/remote-files/upload 服务器端请求伪造漏洞
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- POC weaver-lazyuploadify-file-upload: OA E-Office LazyUploadify - Arbitrary File Upload
- POC weaver-uploadify-file-upload: OA E-Office Uploadify - Arbitrary File Upload
- POC CVE-2025-11750: Dify - User Enumeration via "Account not found" Message
- Dify 任意用户密码重置绕过漏洞
- dify 安全漏洞
- 赛蓝 企业管理系统 SubmitUploadify 未授权 任意文件上传漏洞
- 博采网络-建站服务-uploadify.php文件上传