CVE-2024-9277

Опубликовано: 27 сент. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 6.5

CVSS2: 2.3

EPSS Низкий

Описание

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.278659
Permissions Required
VDB Entry
https://vuldb.com/?id.278659
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.410043
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*

Версия до 1.0.18 (включая)

EPSS

Процентиль: 38%

0.0017

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

2.3 Low

CVSS2

Дефекты

CWE-1333

Связанные уязвимости

GHSA-355v-2rjx-fpx7

CVSS3: 3.5

github

больше 1 года назад

Inefficient Regular Expression Complexity in langflow

EPSS

Процентиль: 38%

0.0017

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

2.3 Low

CVSS2

Дефекты

CWE-1333