{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T04:23:28.823","vulnerabilities":[{"cve":{"id":"CVE-2024-12450","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:28.883","lastModified":"2025-04-04T09:15:15.207","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. These issues are resolved in version 0.14.0."},{"lang":"es","value":"En las versiones 0.12.0 de infiniflow/ragflow, la función `web_crawl` en `document_app.py` contiene múltiples vulnerabilidades. Esta función no filtra los parámetros de URL, lo que permite a los atacantes explotar la SSRF de lectura completa accediendo a direcciones de red internas y visualizando su contenido a través de los archivos PDF generados. Además, la ausencia de restricciones en el protocolo de archivos permite la lectura arbitraria de archivos, lo que permite a los atacantes leer archivos del servidor. Asimismo, el uso de una versión desactualizada de Chromium sin interfaz gráfica con el modo --no-sandbox habilitado hace que la aplicación sea susceptible a la ejecución remota de código (RCE) a través de vulnerabilidades conocidas de Chromium v8. Estos problemas se han resuelto en la versión 0.14.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:infiniflow:ragflow:0.12.0:*:*:*:*:*:*:*","matchCriteriaId":"6EDC17D5-855D-4564-ABB4-CED9A5E4F983"}]}]}],"references":[{"url":"https://github.com/infiniflow/ragflow/commit/3faae0b2c2f8a26233ee1442ba04874b3406f6e9","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/da06360c-87c3-4ba9-be67-29f6eff9d44a","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/da06360c-87c3-4ba9-be67-29f6eff9d44a","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}