Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Vulnerability Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Langflow 路径遍历漏洞
Vulnerability Description
Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow 1.7.1之前版本存在路径遍历漏洞,该漏洞源于/profile_pictures/{folder_name}/{file_name}端点参数过滤不严格,可能导致跨目录读取secret_key。
CVSS Information
N/A
Vulnerability Type
N/A