CVE-2024-8182: Flowise Unauthenticated Denial of Service (DoS) vulnerability

August 27, 2024

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the /api/v1/get-upload-file api endpoint.

References

github.com/FlowiseAI/Flowise
github.com/advisories/GHSA-48x4-mx8f-gr4h
nvd.nist.gov/vuln/detail/CVE-2024-8182
tenable.com/security/research/tra-2024-34

Code Behaviors & Features

Detect and mitigate CVE-2024-8182 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →