RAGFlow
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine (52.8K stars) with an HTTP API that accepts structured configuration from authenticated users. A reflective setter in the configuration-update path has no path validation.
| Field | Value |
|---|---|
| Repository | infiniflow/ragflow |
| Version | v0.19.0 |
| CVE | — (no CVE assigned) |
| Type | Constrained-Get × Attr-Set |
| Input | Remote (HTTP) |
| Status | Reported |
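
A generic illustration of the bug class summarised above (a reflective setter that walks a caller-supplied dotted path with no validation) beside an allowlisted version. This is an added example, not RAGFlow's code, and it does not identify the sink in v0.19.0. `DatasetConfig`, `ParserConfig`, `ALLOWED_PATHS` and all function names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed stand-ins for a configuration object; these are not RAGFlow classes.
@dataclass
class ParserConfig:
    chunk_token_num: int = 128
    delimiter: str = "\n"

@dataclass
class DatasetConfig:
    name: str = "default"
    parser: ParserConfig = field(default_factory=ParserConfig)

# The only dotted paths an API caller may write, each with its expected type.
ALLOWED_PATHS = {
    "name": str,
    "parser.chunk_token_num": int,
    "parser.delimiter": str,
}

class PathRejected(ValueError):
    """Raised when an update targets a path or type outside the schema."""

def set_unvalidated(obj, path, value):
    """Unvalidated pattern: getattr along the path, setattr at the end."""
    *parents, leaf = path.split(".")
    for part in parents:
        obj = getattr(obj, part)
    setattr(obj, leaf, value)

def set_validated(obj, path, value):
    """Check the whole path and the value type before any attribute access."""
    expected = ALLOWED_PATHS.get(path)
    if expected is None:
        raise PathRejected(f"path not allowed: {path!r}")
    if type(value) is not expected:  # strict: a bool is not accepted for int
        raise PathRejected(f"{path!r} expects {expected.__name__}")
    set_unvalidated(obj, path, value)  # path is known-good; same walk as above

def apply_update(cfg, updates):
    """Apply a dict of path -> value and return the paths that were rejected."""
    rejected = []
    for path, value in updates.items():
        try:
            set_validated(cfg, path, value)
        except PathRejected:
            rejected.append(path)
    return rejected
```

Rejected paths are worth logging with the authenticated caller's identity, since a legitimate client has no reason to send a path outside the schema.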
Vulnerability
TODO: identify the exact sink function and include annotated code.
Exploitation
1. Denial of Service
TODO: key path and payload.
Detection by Pyrl
TODO: taint flow summary.
Disclosure timeline
TODO: dates for report.
Proof of concept
TODO: link to cp-collection entry if available.
References
- TODO.