PT-2024-32975 · Langflow · Langflow
Aftersnow +1 · Published 2024-11-04 · Updated 2024-11-06 · CVE-2024-48061
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
langflow versions <=1.0.18
Description
The issue allows for Remote Code Execution (RCE) because any component that provides code functionality runs on the local machine rather than in a sandbox.
Recommendations
For versions <=1.0.18, update to a version above 1.0.18 to resolve the issue. As a temporary workaround, consider restricting the use of components that provide code functionality to minimize the risk of exploitation.
Exploit
Fix
RCE
Code Injection
Affected Products
Langflow