Langfuse Server-Side Request Forgery (SSRF)
Bug Bounty, 2025. 8. 31. 01:44
https://github.com/langfuse/langfuse
🪢 Open source LLM engineering platform: LLM Observability, metrics, evals, prompt management, playground, datasets. Integrates with OpenTelemetry, Langchain, OpenAI SDK, LiteLLM, and more. 🍊YC W23 ...
Patched
https://github.com/langfuse/langfuse/pull/8821
chore: validate IP adresses by maxdeichmann · Pull Request #8821 · langfuse/langfuse
Important: Adds IP address validation to prevent SSRF attacks, integrates it into webhook processing, and includes comprehensive tests. Behavior: Adds IP address validation to prevent SSRF attacks ...
https://langfuse.com/security/responsible-disclosure#hall-of-fame