CVE-2024-10252

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Mar 20, 2025

CWE ID 94

Summary

CVE-2024-10252 is a newly disclosed vulnerability affecting versions of the langgenius/dify package below v0.9.1. This issue permits code injection through internal Server Side Request Forgery (SSRF) requests in the Dify sandbox service. An attacker can exploit this vulnerability to execute arbitrary Python code with root privileges inside the sandbox environment. The potential consequences include the deletion of the entire sandbox service, resulting in significant and possibly irreversible damage.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zv0He1
https://www.cve.org/CVERecord?id=CVE-2024-10252
https://nvd.nist.gov/vuln/detail/CVE-2024-10252

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-10252

CVSS 3.0 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations