CVE-2024-48061

CRITICAL

Published 2024-11-04T00:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-48061. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

9.8

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.114

Higher than 11.4% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

langflow

Affected Versions:

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Langflow vulnerable to remote code execution

GHSA-5p5r-57fx-pmfr

Advisory Details

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

Affected Packages

PyPI langflow

ECOSYSTEM: ≥0 ≤1.0.18

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-48061

WEB https://github.com/langflow-ai/langflow/issues/696

WEB https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61

PACKAGE https://github.com/langflow-ai/langflow

WEB https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8

Advisory provided by GitHub Security Advisory Database. Published: November 5, 2024, Modified: November 6, 2024

References

https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8

https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61

Published: 2024-11-04T00:00:00

Last Modified: 2024-11-06T19:18:23.293Z

Copied to clipboard!

CVE-2024-48061

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

langflow

Affected Versions:

GitHub Security Advisories

Langflow vulnerable to remote code execution

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!