ГлавнаяУязвимости → CVE-2024-37014
9.8критическая

CVE-2024-37014

Описание

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.

Затрагиваемое ПО
Langflow Langflow
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/langflow-ai/langflow/issues/1973https://github.com/langflow-ai/langflow/issues/1973