CVE-2024-31621: Flowise vulnerable to code injection via api/v1
(updated )
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
References
- flowiseai.com/
- github.com/FlowiseAI/Flowise
- github.com/FlowiseAI/Flowise/blob/flowise%401.6.5/packages/server/src/index.ts
- github.com/FlowiseAI/Flowise/commit/e32b64344544312bf38b3e1fefe7b26c1776a426
- github.com/advisories/GHSA-6wp6-22x5-rr3w
- nvd.nist.gov/vuln/detail/CVE-2024-31621
- www.exploit-db.com/exploits/52001
Detect and mitigate CVE-2024-31621 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →