langgenius Dify Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in langgenius/dify version 0.9.1. It arises from inadequate validation of the api_endpoint parameter, which allows attackers to make the server send requests to internal network services. Exploitation could result in unauthorized access to internal servers and the exposure of sensitive information, for example through access to the AWS metadata endpoint.
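The kind of check whose absence the description points to, as an added example (not Dify's code and not the project's fix): before the server fetches a user-supplied api_endpoint, resolve the host and refuse any URL that maps to a non-public address, including the link-local range where the AWS metadata endpoint lives. The names check_api_endpoint and EndpointRejected, and the sample addresses in the comments, are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class EndpointRejected(ValueError):
    """Raised when api_endpoint must not be fetched by the server."""


def _resolve(host, port):
    # Default resolver: every address the server itself could connect to.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def check_api_endpoint(url, resolve=_resolve):
    """Return the vetted IP addresses for url, or raise EndpointRejected."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:
        raise EndpointRejected(f"malformed URL: {exc}") from exc
    if parts.scheme not in ALLOWED_SCHEMES:
        raise EndpointRejected(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise EndpointRejected("missing host")
    try:
        addresses = resolve(parts.hostname, port)
    except (OSError, ValueError) as exc:
        raise EndpointRejected(f"cannot resolve host: {exc}") from exc
    if not addresses:
        raise EndpointRejected("host has no addresses")
    vetted = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        # is_global is False for loopback, RFC 1918 and link-local
        # (169.254.0.0/16, which holds the cloud metadata service).
        if not ip.is_global:
            raise EndpointRejected(
                f"{parts.hostname} resolves to internal address {ip}")
        vetted.append(str(ip))
    return vetted
```

The outbound request should connect to one of the returned addresses rather than resolving the name a second time, and each redirect target needs the same check, otherwise a host that answers differently on the second lookup bypasses it.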

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network services and sensitive information, including AWS metadata.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM