RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.
References
Link | Resource |
---|---|
https://github.com/infiniflow/ragflow/blob/cec208051f6f5996fefc8f36b6b71231b1807533/web/src/hooks/document-hooks.ts#L23 | Product |
https://github.com/thanhtung4102/Unauthentication-in-Ragflow | Exploit Third Party Advisory |
Configurations
History
10 Jul 2025, 22:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/infiniflow/ragflow/blob/cec208051f6f5996fefc8f36b6b71231b1807533/web/src/hooks/document-hooks.ts#L23 - Product | |
References | () https://github.com/thanhtung4102/Unauthentication-in-Ragflow - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:infiniflow:ragflow:0.13.0:*:*:*:*:*:*:* | |
First Time |
Infiniflow ragflow
Infiniflow |
11 Dec 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
09 Dec 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-12-09 17:15
Updated : 2025-07-10 22:34
NVD link : CVE-2024-53450
Mitre link : CVE-2024-53450
CVE.ORG link : CVE-2024-53450
JSON object : View
Products Affected
infiniflow
- ragflow
CWE
CWE-125
Out-of-bounds Read