Filtered by vendor Langflow Subscriptions
Filtered by product Langflow Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37014 1 Langflow 1 Langflow 2024-11-21 9.8 Critical
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
CVE-2024-48061 1 Langflow 1 Langflow 2024-11-06 9.8 Critical
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
CVE-2024-42835 1 Langflow 1 Langflow 2024-11-01 9.8 Critical
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
CVE-2024-9277 1 Langflow 1 Langflow 2024-09-30 3.5 Low
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.