langgenius/dify
cpe:2.3:a:langgenius:dify:*:*:*:*:node.js:*:*
- 0.10.1
A server-side request forgery (SSRF) vulnerability has been identified in langgenius Dify version 0.10.1. The flaw lies in the test functionality of the Create Custom Tool option, reachable through the REST API endpoint POST /console/api/workspaces/current/tool-provider/api/test/pre. The endpoint issues a request to whatever URL appears in the servers entry of the supplied OpenAPI schema without restricting the target, so an attacker can point it at arbitrary hosts and misuse the Dify server's network position and credentials to reach web resources they are not authorized to access.
Exploitation of this vulnerability allows attackers to abuse the Dify server's credentials to access unauthorized web resources, potentially leading to the disclosure of sensitive information.
To reproduce this vulnerability, log in as a normal user on the Dify web server. Navigate to the Tools section, select Custom, and click on Create Custom Tool. Choose the Weather(JSON) example and modify the servers URL to point to an internal target, such as a local server endpoint containing sensitive information. After sending the request, the Test Results panel displays the data retrieved from the targeted URL, demonstrating the SSRF vulnerability.
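The missing control is validation of the schema's servers URLs before the test request is sent. The following is an added example of such a check, not Dify's own code: it rejects non-HTTP schemes, embedded credentials, and any host that is an IP literal or resolves to a loopback, private, link-local or otherwise non-public address. The function names, the injectable resolver and the sample spec are constructed for this example.

```python
"""Reject OpenAPI `servers` URLs that would let a tool test reach internal hosts."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host):
    # Default resolver: every A/AAAA answer for the host (hypothetical helper).
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_address(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC1918, link-local (169.254/16, fe80::/10),
    # unspecified and other reserved ranges.
    return ip.is_global and not ip.is_multicast


def check_server_url(url, resolve=_resolve):
    """Return (ok, reason) for one servers[].url entry."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL not allowed"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no DNS needed
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False, f"cannot resolve {host!r}"
    for addr in addrs:  # every answer must be public, not just the first
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


def validate_openapi_servers(spec, resolve=_resolve):
    """Check every spec['servers'] entry; returns [(url, ok, reason), ...]."""
    return [(s.get("url", ""), *check_server_url(s.get("url", ""), resolve))
            for s in spec.get("servers", [])]
```

Because the hostname is resolved here but the HTTP client resolves it again when connecting, a production version should also pin the validated address at connection time (or run the outbound request through an egress proxy) so a DNS answer that changes between the two lookups cannot bypass the check.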