Cyber Resilience

CVE-2024-11822

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0029 52.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11822 is a high-severity SSRF (CWE-918) vulnerability in Dify Dify. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2024-11822 is a Server-Side Request Forgery (SSRF) vulnerability, classified as CWE-918, affecting langgenius/dify version 0.9.1. The issue arises from improper handling of the api_endpoint parameter, which allows attackers to make direct requests to internal network services from the vulnerable application.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, score 7.5). Exploitation enables unauthorized access to internal servers and potential exposure of sensitive information, including the AWS metadata endpoint.

The primary advisory is available on Huntr.com at https://huntr.com/bounties/f3042029-5d4e-41c6-850d-bbe02fae6592, which details the vulnerability report but does not specify patches or mitigations in the provided information.

EU & UK References

Vulnerability details

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal…

more

servers and potentially expose sensitive information, including access to the AWS metadata endpoint.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: dify

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in public-facing app directly enables remote exploitation for initial access (T1190) and facilitates internal network service discovery (T1046) via arbitrary requests to internal endpoints including metadata services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41947Same product: Dify Dify
CVE-2026-41949Same product: Dify Dify
CVE-2026-41948Same product: Dify Dify
CVE-2025-0185Same product: Dify Dify
CVE-2024-13924Shared CWE-918
CVE-2026-42860Shared CWE-918
CVE-2025-25785Shared CWE-918
CVE-2024-53705Shared CWE-918
CVE-2026-5418Shared CWE-918
CVE-2026-45082Shared CWE-918

Affected Assets

dify
dify
0.9.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and filtering of the api_endpoint parameter to prevent attackers from injecting internal network URLs causing SSRF.

preventdetect

Implements boundary protections like firewalls or proxies to monitor and block unauthorized outbound requests from the application to internal services such as the AWS metadata endpoint.

prevent

Enforces information flow control policies that restrict the application's communications to internal network resources, mitigating SSRF exploitation.

References