Huseyingulsin
Rank #27942 of 53,633 · Total CVSS 9.1 · Vulnerabilities: 1

PT-2026-27428 · CVSS 9.1 · 2026-03-24
Langflow · Langflow · CVE-2026-33475
**Name of the Vulnerable Software and Affected Versions**

Langflow versions prior to 1.9.0.

**Description**

Langflow is susceptible to an unauthenticated remote shell injection issue in its GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as `${{ github.head_ref }}`, within `run:` steps. This allows attackers to inject and execute arbitrary shell commands by crafting malicious branch names or pull request titles. Successful exploitation can lead to the exfiltration of secrets like `GITHUB_TOKEN`, manipulation of infrastructure, or compromise of the supply chain during CI/CD execution.

The vulnerability exists in workflows located in `.github/workflows/` and `.github/actions/`, specifically in files such as `action.yml`, `deploy-docs-draft.yml`, `docker-build.yml`, `release_nightly.yml`, `python_test.yml`, and `typescript_test.yml`. No **API endpoints** are directly involved; the vulnerable workflows are triggered by events related to branch and pull request creation. The vulnerable parameters are the GitHub context variables, such as `github.head_ref` and `github.event.pull_request.title`.

**Recommendations**

Update versions prior to 1.9.0 to version 1.9.0 or later. Refactor affected workflows to pass such values through environment variables and wrap them in double quotes in the shell. Avoid direct `${{ ... }}` interpolation inside `run:` for any user-controlled value.
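As an added illustration (not part of this advisory and not Langflow's own code), the Python script below places the vulnerable `run:` pattern next to the refactored form the recommendations describe, and implements a small check a maintainer can run over `.github/workflows/*.yml` to flag `${{ ... }}` expressions from user-controlled contexts inside `run:` steps. The two workflow snippets, the `UNTRUSTED_PREFIXES` list and the function names are constructed for this example; the list of contexts is a starting point, not an exhaustive one.

```python
import re
import sys

# Context expressions an attacker can influence through a branch name, PR
# title/body, commit message and similar. Interpolating any of these into a
# `run:` script is the pattern the advisory describes. Constructed for this
# example; extend it for your own workflows.
UNTRUSTED_PREFIXES = (
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.head_commit.message",
    "github.event.commits",
)

RUN_LINE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
EXPRESSION = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


def run_step_bodies(workflow_text):
    """Yield (line_no, body) for every `run:` value in a workflow.

    A minimal line-based reader that handles inline values and `|`/`>`
    block scalars, so no YAML library is needed."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_LINE.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3).strip()
        line_no = i + 1
        if value and value[0] not in "|>":
            yield line_no, value          # inline: run: echo ...
            i += 1
            continue
        body = []                         # block scalar: run: |
        i += 1
        while i < len(lines):
            ln = lines[i]
            if ln.strip() and len(ln) - len(ln.lstrip()) <= key_col:
                break                     # dedented: next key or step
            body.append(ln)
            i += 1
        yield line_no, "\n".join(body)


def find_script_injection(workflow_text):
    """Return [(line_no, expression)] for untrusted ${{ }} uses in run: steps."""
    findings = []
    for line_no, body in run_step_bodies(workflow_text):
        for expr in EXPRESSION.findall(body):
            if expr.startswith(UNTRUSTED_PREFIXES):
                findings.append((line_no, expr))
    return findings


# Constructed sample: the vulnerable pattern (context interpolated into run:).
VULNERABLE_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Building ${{ github.head_ref }}"
      - name: Show title
        run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          echo "Actor: ${{ github.actor }}"
"""

# Constructed sample: the same steps after the recommended refactor. The
# values go through `env:`, and the shell reads them as quoted variables, so
# the branch name or title is data rather than script.
HARDENED_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Show title
        env:
          HEAD_REF: ${{ github.head_ref }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Building $HEAD_REF"
          echo "PR: $PR_TITLE"
"""

if __name__ == "__main__":
    # Usage: python check_workflows.py .github/workflows/*.yml
    # With no arguments, the two constructed samples are checked instead.
    sources = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {
        "vulnerable-sample": VULNERABLE_WORKFLOW,
        "hardened-sample": HARDENED_WORKFLOW,
    }
    for name, text in sources.items():
        for line_no, expr in find_script_injection(text):
            print(f"{name}:{line_no}: untrusted expression in run: step: {expr}")
```

The check is deliberately conservative: it only reports expressions whose context path starts with one of the listed untrusted prefixes, so values such as `github.actor` or `github.sha` are left alone, and expressions that appear under `env:` are not reported because the shell then receives them as variable contents rather than as part of the script.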