In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. These issues are resolved in version 0.14.0.
The `web_crawl` function in the `document_app.py` file does not filter URL parameters passed by the user, allowing an attacker to direct requests to internal network addresses (Full Read SSRF) — results are exfiltrated through generated PDF files. Lack of restrictions on the `file://` protocol enables direct file reading from the server's file system (Arbitrary File Read). Additionally, the application uses an outdated version of Chromium browser running in headless mode with the --no-sandbox option, which allows exploitation of known V8 engine vulnerabilities for remote code execution (RCE).
An attacker can gain full access to the victim's internal network and read arbitrary files from the server (including credentials and configuration data), and through RCE can take complete control of the system.
Infiniflow RAGflow should be updated to version 0.14.0, in which the vulnerabilities have been patched. Patch details are available in the vendor's references (commit 3faae0b2c2f8a26233ee1442ba04874b3406f6e9 in the GitHub repository).
Infiniflow RAGflow version 0.12.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInfiniflow Ragflow
APPInfiniflow0.12.0
Related vulnerabilities
Zip Slip RCE w RAGFlow — nadpisanie plików przez złośliwe archiwum ZIP
Przejęcie konta w RAGFlow poprzez brute-force kodów weryfikacyjnych
RCE w Infiniflow RagFlow — statyczny klucz AuthKey i niebezpieczna deserializacja pickle
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-...
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of...