PyPI package
langflow
pkg:pypi/langflow
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-48061 | — | <= 1.0.18 | — | Nov 4, 2024 | langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | ||
| CVE-2024-42835 | — | <= 1.0.12 | — | Oct 31, 2024 | langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | ||
| CVE-2024-9277 | — | <= 1.0.18 | — | Sep 27, 2024 | A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainin | ||
| CVE-2024-37014 | — | < 1.0.15 | 1.0.15 | Jun 10, 2024 | Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. |
- CVE-2024-48061Nov 4, 2024affected <= 1.0.18
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
- CVE-2024-42835Oct 31, 2024affected <= 1.0.12
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
- CVE-2024-9277Sep 27, 2024affected <= 1.0.18
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainin
- CVE-2024-37014Jun 10, 2024affected < 1.0.15fixed 1.0.15
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
Page 2 of 2