CVE-2024-12450

CRITICAL

Infiniflow Ragflow - SSRF

Title source: rule

Description

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. These issues are resolved in version 0.14.0.

References (2)

Core 2

Core References

Patch

https://github.com/infiniflow/ragflow/commit/3faae0b2c2f8a26233ee1442ba04874b3406f6e9

View Patch ZIP pw:eip

Exploit

https://huntr.com/bounties/da06360c-87c3-4ba9-be67-29f6eff9d44a

Scores

CVSS v3 9.8

EPSS 0.0098

EPSS Percentile 76.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

infiniflow/ragflow 0.12.0

Published Mar 20, 2025

Tracked Since Feb 18, 2026