CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

A vulnerability classified as very critical has been found in infiniflow ragflow up to 0.11.0. Affected is the function add_llm of the file llm_app.py. The manipulation of the argument req['llm_factory']/req['llm_name'] leads to command injection. This vulnerability is traded as CVE-2024-10131. It is possible to launch the attack remotely. There is no exploit available.