Description
Duplicate Advisory: Langflow Vulnerable to Code Injection via the /api/v1/validate/code endpoint
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references.
Original Description
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Packages
Name: langflow (pip)
Affected versions: < 1.3.0
Fixed version: 1.3.0
CVSS3: 9.8 Critical
Weaknesses
CWE-306
CWE-94