CVE-2024-12433

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the server processes incoming data using pickle deserialization via pickle.loads() on connection.recv(), making it vulnerable to remote code execution. This issue is fixed in version 0.14.0.

Ссылки

https://github.com/infiniflow/ragflow/commit/49494d4e3c8f06a5e52cf1f7cce9fa03cadcfbf6
Patch
https://huntr.com/bounties/8a1465af-09e4-42af-9e54-0b70e7c87499
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*

Версия от 0.12.0 (включая) до 0.14.0 (исключая)

EPSS

Процентиль: 84%

0.0214

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-wr4v-pc76-3q4p

CVSS3: 9.8

github

11 месяцев назад

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the server processes incoming data using pickle deserialization via `pickle.loads()` on `connection.recv()`, making it vulnerable to remote code execution. This issue is fixed in version 0.14.0.

EPSS

Процентиль: 84%

0.0214

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502