Описание
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fs_path, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.
Ссылки
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.0 (исключая)
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
7.1 High
CVSS3
Дефекты
CWE-73
CWE-610
Связанные уязвимости
CVSS3: 7.1
github
около 2 месяцев назад
External Control of File Name or Path in Langflow
EPSS
Процентиль: 16%
0.00052
Низкий
7.1 High
CVSS3
Дефекты
CWE-73
CWE-610