PT-2024-35745 · Ragflow · Ragflow
Thanhtung4102
·
Published
2024-12-09
·
Updated
2025-07-10
·
CVE-2024-53450
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
RAGFlow version 0.13.0
Description
The issue is related to improper access control in the
document-hooks.ts file, which allows unauthorized access to user documents.Recommendations
For RAGFlow version 0.13.0, consider restricting access to the
document-hooks.ts file until a patch is available. As a temporary workaround, review and limit user permissions to minimize the risk of unauthorized document access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ragflow