Wenject

**Name of the Vulnerable Software and Affected Versions** langflow versions prior to 1.8.5 **Description** A remote code injection issue exists in the LambdaFilterComponent. The flaw is located within the `eval()` function of the file src/lfx/src/lfx/components/llm operations/lambda filter.p, allowing a remote attacker to execute arbitrary code through manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `eval()` function within the LambdaFilterComponent to minimize the risk of exploitation.