CVE-2024-12779

CVE-2024-12779 is a Server-Side Request Forgery (SSRF) vulnerability affecting infiniflow/ragflow version 0.12.0. The issue resides in the POST /v1/llm/add_llm and POST /v1/conversation/tts endpoints, where attackers can specify an arbitrary URL as the api_base parameter when adding an OPENAITTS model. This allows subsequent requests to the tts REST API endpoint to fetch and read contents from the attacker-controlled URL. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-918.

Any unauthenticated attacker with network access to the vulnerable RAGFlow instance can exploit this SSRF by first submitting a request to add an LLM model with a malicious api_base URL pointing to internal or restricted resources. They can then trigger the tts endpoint to proxy requests to that URL, enabling them to read sensitive data such as internal web services, metadata endpoints, or other backend resources inaccessible from the internet. This results in high confidentiality impact without requiring privileges, user interaction, or elevated complexity.

Details on the vulnerability, including potential patches or workarounds, are documented in advisories from the Huntr bug bounty program at https://huntr.com/bounties/3cc748ba-2afb-4bfe-8553-10eb6d6dd4f0.

RAGFlow is a framework for retrieval-augmented generation (RAG) workflows involving large language models (LLMs), making this SSRF particularly relevant in AI/ML deployment environments where internal LLM APIs or data stores may be exposed. No public information on real-world exploitation is available as of the CVE publication on 2025-03-20.