CVE-2024-11822
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in langgenius/dify version 0.9.1 allows attackers to make unauthorized requests to internal network services by manipulating the api_endpoint parameter. This can lead to exposure of sensitive internal systems and data, including AWS metadata. Organizations running vulnerable versions of Dify are affected.
💻 Affected Systems
- langgenius/dify
📦 What is this software?
Dify by Dify
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains access to AWS metadata endpoint, obtains cloud credentials, and compromises the entire cloud infrastructure, leading to data exfiltration, resource hijacking, or complete system takeover.
Likely Case
Attacker maps internal network, accesses internal APIs or services, and potentially steals sensitive data from internal systems that shouldn't be exposed externally.
If Mitigated
Requests are blocked at network perimeter, internal services have proper authentication, and the impact is limited to reconnaissance without data access.
🎯 Exploit Status
Exploitation requires understanding of the vulnerable endpoint and ability to craft SSRF payloads. No public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.9.2 or later
Vendor Advisory: https://huntr.com/bounties/f3042029-5d4e-41c6-850d-bbe02fae6592
Restart Required: No
Instructions:
1. Update Dify to version 0.9.2 or later.
2. Follow the standard update procedure for your deployment method (Docker, Kubernetes, etc.).
3. Verify that the update was successful.
🔧 Temporary Workarounds
Network Segmentation (scope: all)
Restrict outbound network access from the Dify application to only the external services it needs.
Input Validation (scope: all)
Implement strict validation of the api_endpoint parameter so that only expected domains/URLs are accepted.
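One way to implement the strict api_endpoint validation described above, as an added example that is not Dify's own code: a fail-closed allowlist check that also rejects any allowlisted name resolving to an internal or link-local address such as 169.254.169.254. The allowlist contents and the injectable resolver hook are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts an api_endpoint is expected to reach in this example.
ALLOWED_HOSTS = {"api.openai.com", "api.anthropic.com"}


def is_internal_address(ip_text: str) -> bool:
    """True for any address an outbound api_endpoint request must never reach."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the checks see the real target.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # "not is_global" covers RFC 1918, loopback, 169.254.0.0/16 (the cloud metadata endpoint),
    # CGNAT and documentation ranges; the explicit flags guard against Python version differences.
    return (not ip.is_global or ip.is_link_local or ip.is_loopback
            or ip.is_multicast or ip.is_unspecified)


def resolve_all(host: str) -> list[str]:
    """Every A/AAAA answer for host; a fake resolver is injected in tests so the check runs offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_api_endpoint(url: str, resolve=resolve_all) -> tuple[bool, str]:
    """Fail-closed allowlist check for api_endpoint; returns (accepted, reason)."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "only https is allowed"
    if parts.username is not None or parts.password is not None:
        # Userinfo (user@host) makes the real host easy to misread, so it is rejected outright.
        return False, "userinfo in URL is not allowed"
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} is not on the allowlist"
    # Even an allowlisted name must not resolve to an internal address (mis-pointed or rebound DNS).
    try:
        addresses = resolve(host)
    except OSError as exc:
        return False, f"DNS resolution failed: {exc}"
    for addr in addresses:
        if is_internal_address(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"
```

Because the check is an allowlist, unusual encodings of an internal address (decimal, octal, bracketed IPv6) are rejected without needing to be enumerated.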
🧯 If You Can't Patch
- Implement network-level restrictions to block outbound requests from Dify to internal IP ranges and AWS metadata endpoint (169.254.169.254)
- Deploy a web application firewall (WAF) with SSRF protection rules to filter malicious requests
🔍 How to Verify
Check if Vulnerable:
Check if running Dify version 0.9.1. Test by attempting to make a request to internal services via the vulnerable endpoint if you have authorized access.
Check Version:
docker exec <dify_container> python -c "import dify; print(dify.__version__)" or check deployment configuration
Verify Fix Applied:
Verify Dify version is 0.9.2 or later. Test that SSRF attempts via the api_endpoint parameter are now properly blocked or validated.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound requests from Dify to internal IP addresses
- Requests to AWS metadata endpoint (169.254.169.254)
- Multiple failed validation attempts on api_endpoint parameter
Network Indicators:
- Outbound connections from Dify server to internal network ranges
- Requests to cloud metadata services
SIEM Query:
source="dify" AND (dest_ip=169.254.169.254 OR dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16])