CVE-2024-10131
HIGH
ragflow 0.11.0 - Remote Code Execution via add_llm Function
Title source: llm
Description
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function takes the user-supplied request fields `req['llm_factory']` and `req['llm_name']` and uses them to select and instantiate classes from several model dictionaries, without validating them against an allowlist of known factories and model names. An attacker who can reach the endpoint (the CVSS vector below requires only low privileges, PR:L, so an ordinary authenticated user suffices) can therefore supply a crafted `llm_factory` value that, when used as an index into these dictionaries, leads to execution of arbitrary code.
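The following is an added illustration of the dispatch pattern the description criticises and of the validation it says is missing. It is example code written for this page, not ragflow's own `llm_app.py`; the wrapper classes, the `EmbeddingModel`/`ChatModel` registries, the `ModelType` enum and the `add_llm_unsafe`/`add_llm_hardened` names are all assumptions. The page does not give the dictionary contents or the payload used in the report, so the example does not reproduce the exploit; it shows why indexing a registry of classes with a raw request string is the wrong control and what an allowlisted version looks like.

```python
"""Added example for CVE-2024-10131: user-keyed class dispatch, unsafe vs. hardened.
All names below are assumptions for illustration, not ragflow's real code."""
from enum import Enum


class ModelType(str, Enum):
    EMBEDDING = "embedding"
    CHAT = "chat"


class EmbedWrapper:
    """Placeholder for a vendor embedding-model wrapper (constructed for this example)."""

    def __init__(self, key, model_name, base_url=""):
        self.key, self.model_name, self.base_url = key, model_name, base_url

    def kind(self):
        return f"embed:{self.model_name}"


class ChatWrapper:
    """Placeholder for a vendor chat-model wrapper (constructed for this example)."""

    def __init__(self, key, model_name, base_url=""):
        self.key, self.model_name, self.base_url = key, model_name, base_url

    def kind(self):
        return f"chat:{self.model_name}"


# Registries keyed by factory name, standing in for the "various model
# dictionaries" the advisory mentions. Contents are constructed for this example.
EmbeddingModel = {"VendorA": EmbedWrapper, "VendorB": EmbedWrapper}
ChatModel = {"VendorA": ChatWrapper}


def add_llm_unsafe(req):
    """The pattern the advisory describes: the request string is used directly as
    a dictionary index. Any unrecognised model_type silently falls through to the
    chat registry, and an unknown factory surfaces as an unhandled KeyError
    (a 500 with a stack trace) instead of a validation error."""
    factory = req["llm_factory"]
    if req["model_type"] == ModelType.EMBEDDING.value:
        table = EmbeddingModel
    else:
        table = ChatModel
    return table[factory](key=req.get("api_key", ""),
                          model_name=req["llm_name"],
                          base_url=req.get("api_base", ""))


# Explicit allowlist: which registry is reachable for which model type.
ALLOWED = {ModelType.EMBEDDING: EmbeddingModel, ModelType.CHAT: ChatModel}


def add_llm_hardened(req):
    """Same dispatch with the checks the advisory says are missing: model_type must
    be a known enum member, llm_factory must be a key of the registry chosen for
    that type, llm_name must be a non-empty string, and only named, coerced fields
    reach the constructor. Returns a structured result instead of raising."""
    try:
        model_type = ModelType(req.get("model_type"))
    except ValueError:
        return {"ok": False, "error": "unknown model_type"}
    registry = ALLOWED[model_type]
    factory = req.get("llm_factory")
    if not isinstance(factory, str) or factory not in registry:
        return {"ok": False, "error": "unknown llm_factory"}
    llm_name = req.get("llm_name")
    if not isinstance(llm_name, str) or not llm_name:
        return {"ok": False, "error": "llm_name required"}
    mdl = registry[factory](key=str(req.get("api_key", "")),
                            model_name=llm_name,
                            base_url=str(req.get("api_base", "")))
    return {"ok": True, "model": mdl.kind()}


if __name__ == "__main__":
    good = {"model_type": "embedding", "llm_factory": "VendorA", "llm_name": "m1"}
    bad = {"model_type": "embedding", "llm_factory": "__class__", "llm_name": "m1"}
    print(add_llm_hardened(good))  # accepted
    print(add_llm_hardened(bad))   # rejected: unknown llm_factory
```

The hardened version keys the allowlist on the parsed enum rather than on a string comparison with a fallthrough `else`, so a request cannot steer itself into a registry it was not meant to reach, and it never forwards the raw request body into a constructor. When reviewing a fix for this class of bug, check for exactly those three things: a closed set of accepted `model_type` values, a membership test of `llm_factory` against the registry actually selected, and explicit extraction of constructor arguments.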
References (1)
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa
Scores
CVSS v3
8.8
EPSS
0.0111
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
infiniflow/ragflow
0.11.0
Published
Oct 19, 2024
Tracked Since
Feb 18, 2026