CVE-2024-9277

Name of the Vulnerable Software and Affected Versions Langflow versions up to 1.0.18

Description A problematic vulnerability was found in Langflow, affecting an unknown functionality of the file srcbackendbaselangflowinterfaceutils.py of the component HTTP POST Request Handler. The manipulation of the remaining text argument leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Langflow versions up to 1.0.18, patch the software as soon as possible and monitor for exploit attempts to prevent disruption via crafted HTTP requests. As a temporary workaround, consider restricting the use of the remaining text argument in the affected HTTP POST Request Handler until a patch is available.