PT-2024-38861 · Flowise · Flowise

Joshua Martinelle · Published 2024-08-27 · Updated 2024-08-31 · CVE-2024-8182

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2
Description: An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint.
Recommendations: For Flowise version 1.8.2, as a temporary workaround, consider restricting access to the "/api/v1/get-upload-file" API endpoint until a patch is available. Additionally, avoid using this endpoint with untrusted user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
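One way to apply the temporary workaround above without touching the application is at a reverse proxy. The following nginx configuration is an added example, not part of the advisory or of the Flowise project: it allows only a trusted network to reach the "/api/v1/get-upload-file" endpoint and proxies everything else to Flowise unchanged. The upstream address 127.0.0.1:3000, the server name and the trusted CIDR are assumptions and placeholders.

```nginx
# Added example: nginx in front of Flowise, restricting the endpoint named in
# the advisory while all other paths pass through.
# 127.0.0.1:3000, the hostname and the CIDR below are assumptions/placeholders.
upstream flowise {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name flowise.example.internal;   # placeholder hostname

    # Workaround: only a trusted network may reach the affected endpoint.
    # "location =" matches on the path alone, so a query string appended to
    # the path does not bypass the rule. The access phase runs before
    # proxy_pass, so denied clients receive 403 and never reach Flowise.
    location = /api/v1/get-upload-file {
        allow 10.0.0.0/8;   # placeholder trusted range; remove to block the endpoint entirely
        deny  all;
        proxy_pass http://flowise;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://flowise;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The rule only helps if the proxy is the sole way in: bind Flowise to the loopback interface (or firewall its listen port) so that clients cannot reach the application directly and bypass the restriction. Verify after deployment by requesting the endpoint from an untrusted address and confirming a 403 in the nginx access log.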

DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2024-8182, GHSA-48X4-MX8F-GR4H

Affected Products: Flowise