Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Langflow Privilege Escalation
Vulnerability Description
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态管理代码资源的控制不恰当
Vulnerability Title
Langflow 安全漏洞
Vulnerability Description
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow 1.0.13之前版本存在安全漏洞,该漏洞源于存在权限提升问题,允许远程且权限较低的攻击者通过在/api/v1/users端点执行批量赋值请求来获得超级管理员权限。
CVSS Information
N/A
Vulnerability Type
N/A