Infiniflow Ragflow Server-Side Request Forgery, Arbitrary File Read, and Remote Code Execution Vulnerability

Vulnerability

A vulnerability in Infiniflow Ragflow version 0.12.0 allows full-read server-side request forgery (SSRF), arbitrary file read, and remote code execution (RCE). The issue is in the 'web_crawl' function of 'document_app.py', where URL parameters are not properly filtered. Because of this missing validation, an attacker can make the server request internal network addresses and retrieve the responses through the generated PDF files. The file protocol can be used in the same way to read arbitrary files from the server. Additionally, the application runs an outdated version of Chromium in headless mode with the 'no-sandbox' option enabled, creating a risk of RCE through known Chromium V8 vulnerabilities.

Impact

Exploitation of this vulnerability leads to full-read SSRF (access to internal network resources), arbitrary file read from the server, and remote code execution on the Ragflow API server.

Reproduction

To reproduce this vulnerability, send a POST request to the '/v1/document/web_crawl' endpoint with the 'url' parameter set to an internal address or a file path, depending on the desired exploitation (SSRF or arbitrary file read). After the request is processed, the content can be accessed through the '/v1/file/get/{pdf_id}' interface. For the remote code execution aspect, the same '/v1/document/web_crawl' endpoint can be used, but with a URL pointing to a hosted proof-of-concept file that exploits the Chromium V8 vulnerability, leveraging the 'no-sandbox' mode to execute commands on the server.

Remediation

Users should update to Infiniflow Ragflow version 0.14.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.