infiniflow/ragflow
cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*
- 0.12.0
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Infiniflow Ragflow version 0.12.0. This vulnerability affects the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can exploit this vulnerability by specifying an arbitrary URL as the `api_base` when adding an `OPENAITTS` model. They can then access the `tts` REST API endpoint to read contents from the specified URL, potentially leading to unauthorized access to internal web resources.
Exploitation of this vulnerability allows attackers to reach web resources they are not authorized to access by abusing the victim server's credentials.
To reproduce this vulnerability, first set up the Ragflow web server. After the server is running, send a `POST` request to the `/v1/llm/add_llm` endpoint, including an arbitrary URL as the `api_base`. This request should be made with the appropriate headers and session information. After adding the `OPENAITTS` model, send a second `POST` request to the `/v1/conversation/tts` endpoint. Include a text parameter in the request. The response will contain the data from the URL specified in the first request, demonstrating the SSRF vulnerability.
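One way to close this off is to vet `api_base` before the server stores or fetches it. The sketch below is an added example, not Ragflow's code or its actual fix; `check_api_base`, `system_resolve`, `fake_resolve` and the `FAKE_DNS` table are hypothetical names, and the host names and addresses are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolve(host, port):
    """All addresses the host name maps to, via the system resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def check_api_base(api_base, resolve=system_resolve):
    """Return (ok, reason) for a user-supplied api_base URL."""
    try:
        parts = urlsplit(api_base)
        if parts.scheme not in ("http", "https"):
            return False, "scheme not allowed"
        if not parts.hostname or parts.username or parts.password:
            return False, "missing host or embedded credentials"
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addrs = [ipaddress.ip_address(a.split("%")[0])
                 for a in resolve(parts.hostname, port)]
    except (ValueError, OSError):
        return False, "malformed URL or unresolvable host"
    if not addrs:
        return False, "host resolved to no addresses"
    for ip in addrs:
        # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to it.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # is_global is False for loopback, RFC 1918, link-local
        # (169.254.0.0/16), CGNAT and reserved ranges.
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"

# Constructed name-to-address table standing in for DNS (runs offline).
FAKE_DNS = {
    "tts.example.com": {"8.8.8.8"},
    "intranet.example.com": {"10.0.0.5"},
    "mixed.example.com": {"8.8.8.8", "127.0.0.1"},
}

def fake_resolve(host, port):
    return FAKE_DNS.get(host, {host})  # IP literals resolve to themselves

if __name__ == "__main__":
    for url in ("https://tts.example.com/v1", "http://intranet.example.com/",
                "http://169.254.169.254/", "http://[::ffff:127.0.0.1]/",
                "http://mixed.example.com/", "file:///etc/passwd"):
        print(url, check_api_base(url, resolve=fake_resolve))
```

A check made only when the model is added can be bypassed if the name later resolves elsewhere or the upstream redirects, so the same check belongs at request time in `tts`, with the connection made to the vetted address and redirects disabled.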