Submission #792231: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)

Title: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)
Description:

# Technical Details

A Blind Server-Side Request Forgery (SSRF) vulnerability exists in the `get_api_tool_provider_remote_schema` method of the `ApiToolManageService` component in Dify. While Dify typically uses an internal `core.helper.ssrf_proxy` mechanism to safely fetch external resources, this specific API tool fetch function bypasses the proxy entirely. It directly calls `httpx.get` on user-provided URLs without validating whether the target address points to private or internal network ranges.

# Vulnerable Code

File: api/services/tools/api_tools_manage_service.py
Method: get_api_tool_provider_remote_schema
Why: The function takes a `url` parameter supplied by the user (intended to point to a remote OpenAPI JSON schema definition). The function directly calls `response = get(url, headers=headers, timeout=10)` (where `get` is imported directly from `httpx`). No IP filtering or proxy redirection is applied to the request.

# Reproduction

1. Authenticate to the Dify API console to obtain a valid access token and CSRF token.
2. Send an HTTP GET request to the vulnerable endpoint `/console/api/workspaces/current/tool-provider/api/remote`, passing an internal or cloud metadata URL in the query parameter (e.g., `?url=http://x.x.x.x/` or `?url=http://docker_redis_1:6379/`).
3. Observe the server's response:
   - If the internal port is OPEN (e.g., Redis): the Dify server connects, receives the raw service data (which fails JSON parsing), and returns an `invalid_param` error.
   - If the internal port is CLOSED: the Dify server returns a connection timeout or connection refused error.
4. Using these error differentials, an attacker can map the internal network.

# Impact

- Internal Network Reconnaissance (attackers can map internal IPs and open ports via error differentials).
- Cloud Metadata Access (retrieval of instance metadata and IAM credentials in AWS/GCP/Azure environments).
- Internal Service Interaction (triggering GET-based state-changing actions on internal REST APIs).
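A pre-flight check of the kind the description says the fetch path lacks, as an added example (not Dify's code): it refuses any URL whose host resolves to a loopback, private, link-local or otherwise non-public address before anything is fetched. The names `check_remote_schema_url`, `is_public_address` and `default_resolver` are assumptions; the `resolver` parameter exists so the logic can be exercised without DNS.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host: str) -> List[str]:
    """Return every address the host maps to (literal IPs need no DNS)."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    # A hostname may map to several records; every one of them must be public
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by its embedded IPv4 address
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global excludes loopback, RFC 1918, link-local (169.254/16, where
    # cloud metadata services live), shared address space and reserved blocks
    return ip.is_global and not ip.is_multicast


def check_remote_schema_url(
    url: str, resolver: Callable[[str], List[str]] = default_resolver
) -> Tuple[bool, str]:
    """Decide whether a user-supplied schema URL may be fetched at all."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not host:
        return False, "missing host"
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is an OSError
        return False, f"cannot resolve {host!r}: {exc}"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"
```

The check has to be applied again to any redirect target and does not by itself defend against DNS rebinding between check and fetch; routing the request through the `core.helper.ssrf_proxy` helper the description names is the project-level fix.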
Source: https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63
User: Eric-g (UID 96879)
Submission: 2026-03-29 05:58 (22 days ago)
Moderation: 2026-04-19 18:18 (22 days later)
Status: Accepted
VulDB Entry: 358252 [langgenius dify up to 0.6.9 ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema url privilege escalation]
Points: 20
