Unknown · Langgenius/Dify · CVE-2025-0184
**Name of the Vulnerable Software and Affected Versions**
langgenius/dify version 0.10.2
**Description**
A Server-Side Request Forgery (SSRF) issue was identified in the 'Create Knowledge' section when uploading DOCX files. If the DOCX file contains an external relationship, the `reltype` value is requested as a URL using the `requests` module directly instead of going through the `ssrf proxy`, which results in SSRF.
**Recommendations**
For version 0.10.2, update to version 0.11.0 to resolve the issue. As a temporary workaround, consider restricting the upload of DOCX files with external relationships or disabling the 'Create Knowledge' section until the update is applied.
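
One way to apply the temporary workaround of rejecting DOCX uploads that carry external relationships is sketched below. This is an added example, not Dify's code; the function names, the upload-gate idea and the sample packages are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OPC package-relationships namespace used by every .rels part in a DOCX.
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
IMAGE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"


def external_relationships(docx_bytes):
    """Return (part, rel_type, target) for each TargetMode="External" entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    found.append((name, rel.get("Type", ""), rel.get("Target", "")))
    return found


def is_upload_allowed(docx_bytes):
    """Hypothetical upload gate: reject unreadable packages and any external link."""
    try:
        return not external_relationships(docx_bytes)
    except (zipfile.BadZipFile, ET.ParseError):
        return False


def build_sample(rels_xml):
    """Constructed sample: a minimal zip holding only a document .rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed inputs; placeholder.example is a placeholder host.
HEAD = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
CLEAN = build_sample(HEAD + f'<Relationship Id="rId1" Type="{IMAGE_TYPE}" Target="media/a.png"/></Relationships>')
EXTERNAL = build_sample(
    HEAD + f'<Relationship Id="rId1" Type="{IMAGE_TYPE}" Target="http://placeholder.example/a.png"'
    ' TargetMode="External"/></Relationships>'
)

if __name__ == "__main__":
    print(is_upload_allowed(CLEAN), external_relationships(EXTERNAL))
```

The check fails closed: a package that cannot be opened as a zip or whose `.rels` part does not parse is rejected rather than passed on to the DOCX extractor.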