Cristliu Cristliu
Cristliu
/ gist:7e08f8422b71c7c6cca02f2c8ad4c95e
Last active
September 30, 2025 17:56
Dify Platform PostgreSQL Default Credentials Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Overview | |
| Vendor: Dify (langgenius/dify) | |
| Product: Dify - Open-source LLM application development platform | |
| Affected Versions: <= v1.9.1 | |
| Vulnerability Type: CWE-798 (Use of Hard-coded Credentials) | |
| 1. Attack Type: | |
| Remote | |
| Local (for internal environments with exposed services) |