Remote Code Execution (RCE) Vulnerability in Langflow equ<1.0.18
CVE-2024-48061

9.8CRITICAL

Key Information:

Vendor: langflow
Status: Langflow
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-48061?

The affected version of Langflow permits Remote Code Execution (RCE), allowing unauthorized users to execute arbitrary code on the host machine. This occurs because components provided with code functionality are executed locally instead of being sandboxed, potentially exposing systems to malware and other security threats. It is essential for users to take immediate action to update to a secure version to mitigate this risk.

References

https://rumbling-slice-eb0.notion.site/There-is-a-Remote-...

https://gist.github.com/AfterSnows/1e58257867002462923fd6...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024

CVE-2024-48061 Data

JSON

langflow

What is CVE-2024-48061?

References

EPSS Score

CVSS V3.1

Timeline