https://vulnerability.circl.lu/sightings/feed 2026-05-06T12:10:43.737201+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/907c938c-2d5d-4cd7-aaa6-7304292c0e51/export 2026-05-06T12:10:44.103599+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "907c938c-2d5d-4cd7-aaa6-7304292c0e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10131", "type": "seen", "source": "https://t.me/cvedetector/8350", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10131 - InfiniFlow RCE via User-Controlled Class Instantiation\", \n \"Content\": \"CVE ID : CVE-2024-10131 \nPublished : Oct. 19, 2024, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T07:07:52.000000Z"} 2024-10-19T07:07:52+00:00