Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Langflow has Missing Ownership Verification in API Key Deletion (IDOR)
Vulnerability Description
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Langflow 安全漏洞
Vulnerability Description
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow 1.9.0之前版本存在安全漏洞,该漏洞源于delete_api_key_route端点未验证API密钥归属,可能导致任意API密钥删除。
CVSS Information
N/A
Vulnerability Type
N/A