CVE-2024-11850
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in langgenius/dify allows attackers to inject malicious SVG content through the chatbot feature. When an admin views the compromised content, arbitrary JavaScript executes, potentially enabling credential theft or session hijacking. This affects all users of vulnerable dify installations with SVG markdown support enabled.
💻 Affected Systems
- langgenius/dify
📦 What is this software?
Dify by Langgenius
⚠️ Risk & Real-World Impact
Worst Case
Admin account compromise leading to full system takeover, data exfiltration, or deployment of backdoors.
Likely Case
Session hijacking of admin accounts, credential theft, or unauthorized actions performed with admin privileges.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting specific admin functions.
🎯 Exploit Status
Exploitation requires ability to inject SVG content into chatbot, then admin must view it. Public proof-of-concept available on huntr.com.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in the reference; the huntr.com report states that a fix exists
Vendor Advisory: https://huntr.com/bounties/893da115-028d-4718-b586-a2b77897a470
Restart Required: Yes
Instructions:
1. Update to the latest patched version of dify.
2. Restart the dify application/service.
3. Verify that SVG input validation is properly implemented.
🔧 Temporary Workarounds
Disable SVG markdown support
Temporarily disable SVG processing in markdown until the patch can be applied
Configuration dependent - modify the dify configuration to disable SVG support in the markdown parser
Implement WAF rules
Block malicious SVG content at the web application firewall level
WAF-specific - create rules to filter/block SVG content containing script tags or JavaScript
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to block inline JavaScript execution
- Restrict admin access to trusted networks only and implement multi-factor authentication
🔍 How to Verify
Check if Vulnerable:
Test by injecting an SVG with a script payload into the chatbot markdown and checking whether it executes when viewed
Check Version:
Check dify version in application interface or via package manager (e.g., docker inspect for containerized deployments)
Verify Fix Applied:
Attempt the same SVG injection test after patching - the script should not execute
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG content in markdown inputs
- Admin account performing unexpected actions
Network Indicators:
- Outbound connections to suspicious domains following admin login
SIEM Query:
Search for SVG content containing script tags or JavaScript in application logs
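The SIEM query above is described only in words. As an added example (not part of this advisory or of Dify's own code), the following Python scanner applies it to a few constructed application log lines, flagging SVG markup that carries script elements, event-handler attributes, javascript: URIs, or foreignObject elements. The log line format and the user= field are assumptions; entity-encoded payloads are decoded before matching, since a query that only greps for a literal <script misses them.

```python
import html
import re

# Constructed sample log lines in an assumed "key=value" chat-message format.
SAMPLE_LOGS = [
    "2024-11-20T10:01:02Z INFO chat_message user=alice body=\"How do I export a chat log?\"",
    "2024-11-20T10:02:15Z INFO chat_message user=bob body=\"<svg width='10' height='10'><circle r='4'/></svg>\"",
    "2024-11-20T10:03:40Z INFO chat_message user=mallory body=\"<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>\"",
    "2024-11-20T10:04:01Z INFO chat_message user=mallory body=\"<svg onload='alert(1)'></svg>\"",
    "2024-11-20T10:05:09Z INFO chat_message user=mallory body=\"&lt;svg&gt;&lt;a href='javascript:alert(1)'&gt;x&lt;/a&gt;&lt;/svg&gt;\"",
]

# Whole <svg>...</svg> fragments, case-insensitive, spanning newlines.
SVG_RE = re.compile(r"<svg\b.*?</svg\s*>", re.IGNORECASE | re.DOTALL)

# Ways an SVG can carry active content that a markdown renderer may execute.
ACTIVE_CONTENT = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"(?:href|xlink:href)\s*=\s*[\"']?\s*javascript:", re.IGNORECASE),
    "foreign_object": re.compile(r"<\s*foreignObject\b", re.IGNORECASE),
}


def classify_svg(fragment):
    """Return the sorted list of active-content indicators found in one SVG fragment."""
    return sorted(name for name, rx in ACTIVE_CONTENT.items() if rx.search(fragment))


def scan_log_line(line):
    """Return one reason list per SVG fragment in the line that carries active content."""
    text = html.unescape(line)  # decode &lt;script&gt;-style encodings before matching
    hits = []
    for match in SVG_RE.finditer(text):
        reasons = classify_svg(match.group(0))
        if reasons:
            hits.append(reasons)
    return hits


def scan_logs(lines):
    """Scan log lines and return one finding (line number, user, reasons) per flagged line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits = scan_log_line(line)
        if not hits:
            continue
        user = re.search(r"\buser=(\S+)", line)  # assumed field; None if absent
        findings.append({
            "line": number,
            "user": user.group(1) if user else None,
            "reasons": sorted({r for reasons in hits for r in reasons}),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
```

Plain SVG drawings (line 2) are not flagged, so the scanner distinguishes legitimate markdown images from the active content this advisory concerns.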