fkie_cve-2025-3466
Vulnerability from fkie_nvd
Published
2025-07-07 10:15
Modified
2025-07-10 15:01
Severity ?
Summary
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
langgenius | dify | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "C0CE6D8A-1407-4D80-A035-FC2FD9B610CB", "versionEndExcluding": "1.1.3", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3." }, { "lang": "es", "value": "Las versiones 1.1.0 a 1.1.2 de langgenius/dify son vulnerables a la entrada no saneada en el nodo de c\u00f3digo, lo que permite la ejecuci\u00f3n de c\u00f3digo arbitrario con permisos de root completos. La vulnerabilidad surge de la capacidad de anular funciones globales en JavaScript, como parseInt, antes de que se impongan las restricciones de seguridad del entorno de pruebas. Esto puede provocar acceso no autorizado a claves secretas, servidores de red internos y movimiento lateral dentro de dify.ai. El problema se ha resuelto en la versi\u00f3n 1.1.3." } ], "id": "CVE-2025-3466", "lastModified": "2025-07-10T15:01:31.070", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-07T10:15:27.640", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch" ], "url": "https://github.com/langgenius/dify/commit/1be0d26c1feb4bcbbdd2b4ae4eeb25874aadaddb" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.com/bounties/f8dc17a3-5536-4944-a680-24070903cd2d" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1100" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…