{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8182", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2024-08-26T15:06:27.326Z", "datePublished": "2024-08-27T13:09:02.433Z", "dateUpdated": "2024-08-27T13:53:23.463Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Flowise", "vendor": "FlowiseAI", "versions": [{"status": "affected", "version": "1.8.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint.<br><br>"}], "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2024-08-27T13:09:02.433Z"}, "references": [{"url": "https://tenable.com/security/research/tra-2024-34"}], "source": {"discovery": "UNKNOWN"}, "title": "Flowise Denial of Service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "affected": [{"vendor": "flowiseai", "product": "flowise", "cpes": ["cpe:2.3:a:flowiseai:flowise:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.8.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T13:51:26.775869Z", "id": "CVE-2024-8182", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T13:53:23.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-27T13:51:26.775869Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:flowiseai:flowise:-:*:*:*:*:*:*:*"], "vendor": "flowiseai", "product": "flowise", "versions": [{"status": "affected", "version": "1.8.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T13:53:17.248Z"}}], "cna": {"title": "Flowise Denial of Service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FlowiseAI", "product": "Flowise", "versions": [{"status": "affected", "version": "1.8.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://tenable.com/security/research/tra-2024-34"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint.", "supportingMedia": [{"type": "text/html", "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint.<br><br>", "base64": false}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2024-08-27T13:09:02.433Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8182", "state": "PUBLISHED", "dateUpdated": "2024-08-27T13:53:23.463Z", "dateReserved": "2024-08-26T15:06:27.326Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2024-08-27T13:09:02.433Z", "assignerShortName": "tenable"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D93DAF76-A697-49E1-A229-24D5498A1EC6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en la versi\u00f3n 1.8.2 de Flowise, lo que provoca un bloqueo completo de la instancia que ejecuta una versi\u00f3n vulnerable debido al manejo inadecuado de la entrada proporcionada por el usuario en el archivo \u201c/api/v1/get-upload-file\u201d endpoint de la API."}], "id": "CVE-2024-8182", "lastModified": "2024-08-30T13:53:52.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2024-08-27T13:15:07.093", "references": [{"source": "vulnreport@tenable.com", "tags": ["Third Party Advisory"], "url": "https://tenable.com/security/research/tra-2024-34"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}