Submission #792231: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918) Information

Title: LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)
Description:

# Technical Details

A Blind Server-Side Request Forgery (SSRF) vulnerability exists in the `get_api_tool_provider_remote_schema` method of the `ApiToolManageService` component in Dify. While Dify typically uses an internal `core.helper.ssrf_proxy` mechanism to safely fetch external resources, this specific API tool fetch function bypasses the proxy entirely. It directly utilizes an `httpx.get` call on user-provided URLs without validating whether the target address points to private or internal network ranges.

# Vulnerable Code

File: api/services/tools/api_tools_manage_service.py

Method: get_api_tool_provider_remote_schema

Why: The function takes a `url` parameter supplied by the user (intended to point to a remote OpenAPI JSON schema definition). The function directly calls `response = get(url, headers=headers, timeout=10)` (where `get` is imported directly from `httpx`). There is zero IP filtering or proxy redirection applied to the request.

# Reproduction

1. Authenticate to the Dify API console to obtain a valid access token and CSRF token.
2. Send an HTTP GET request to the vulnerable endpoint `/console/api/workspaces/current/tool-provider/api/remote`, passing an internal or cloud metadata URL in the query parameter (e.g., `?url=http://x.x.x.x/` or `?url=http://docker_redis_1:6379/`).
3. Observe the server's response:
   - If the internal port is OPEN (e.g., Redis): the Dify server connects, receives the raw service data (which fails JSON parsing), and returns an `invalid_param` error.
   - If the internal port is CLOSED: the Dify server returns a connection timeout or connection refused error.
4. Using these error differentials, an attacker can map the internal network.

# Impact

- Internal Network Reconnaissance (attackers can map internal IPs and open ports via error differentials).
- Cloud Metadata Access (retrieval of instance metadata and IAM credentials in AWS/GCP/Azure environments).
- Internal Service Interaction (triggering GET-based state-changing actions on internal REST APIs).
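The missing check described above is a destination validation step between "user supplied a URL" and "the server fetches it". The following is an added illustration of such a step; it is neither Dify's code nor the submitter's, and it does not reproduce Dify's `core.helper.ssrf_proxy` (whose internals this page does not show). Everything in it (the `validate_schema_url` helper, the `FAKE_DNS` name table, the example hostnames and addresses) is constructed for the example. The function resolves the host once, unwraps IPv4-mapped IPv6 addresses, and refuses any address that is not globally routable or that falls in the listed private, loopback and link-local ranges, which is what an `httpx.get(url)` on raw user input lacks.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical policy, not Dify's: ranges a server-side schema fetch must never
# reach. ip.is_global already excludes most of these; listing them keeps the
# policy readable and reviewable.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",   # link-local; cloud metadata endpoints live here
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


class UnsafeUrlError(ValueError):
    """Raised when a URL must not be fetched on the server's behalf."""


def default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_schema_url(url, resolver=default_resolver):
    """Return the resolved addresses of `url` if every one of them is public.

    Raises UnsafeUrlError for non-HTTP schemes, missing hosts, unresolvable
    names, and any address in a private, loopback, link-local or otherwise
    non-global range. IPv4-mapped IPv6 addresses are unwrapped first, so
    ::ffff:10.0.0.5 is judged as 10.0.0.5.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeUrlError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise UnsafeUrlError("URL has no host")
    try:
        # An IP literal needs no lookup; a name is resolved exactly once, here.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            raise UnsafeUrlError(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise UnsafeUrlError(f"{host!r} resolved to no addresses")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not ip.is_global or any(ip in net for net in BLOCKED_NETWORKS):
            raise UnsafeUrlError(f"{host!r} resolves to blocked address {ip}")
    return addrs


def is_safe_schema_url(url, resolver=default_resolver):
    """Boolean convenience wrapper around validate_schema_url."""
    try:
        validate_schema_url(url, resolver)
        return True
    except UnsafeUrlError:
        return False


# Constructed name table standing in for DNS so the example runs offline.
# The public address is an arbitrary globally routable value, not a real target.
FAKE_DNS = {
    "schema.example.org": ["93.184.216.34"],
    "docker_redis_1": ["172.18.0.3"],
    "metadata": ["169.254.169.254"],
    "localhost": ["127.0.0.1", "::1"],
    "mapped.example.org": ["::ffff:10.0.0.5"],
}


def fake_resolver(host):
    """Constructed resolver: raises like getaddrinfo for unknown names."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed lookup failure for {host!r}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in ("https://schema.example.org/openapi.json",
                      "http://docker_redis_1:6379/",
                      "http://metadata/latest/meta-data/",
                      "http://mapped.example.org/"):
        verdict = "allowed" if is_safe_schema_url(candidate, fake_resolver) else "blocked"
        print(f"{candidate} -> {verdict}")
```

Two caveats a reviewer would attach to any check of this shape: the lookup here and the lookup the HTTP client performs later are separate, so a name that changes its answer between them (DNS rebinding) slips through unless the client is made to connect to the address that was validated; and if redirect following is enabled on the client, every hop's destination needs the same validation, since a public host can redirect to an internal one.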
Source: https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63
User: Eric-g (UID 96879)
Submitted: 2026-03-29 05:58 (22 days ago)
Moderation: 2026-04-19 18:18 (22 days later)
Status: Accepted
VulDB Entry: 358252 [langgenius dify up to 0.6.9 ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema url privilege escalation]
Points: 20
