CVE-2024-9277

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 1333

Summary

CVE-2024-9277 is a vulnerability in Langflow versions up to 1.0.18 that affects the HTTP POST Request Handler component in the file \src\backend\base\langflow\interface\utils.py. Manipulation of the argument remaining_text leads to inefficient regular expression complexity, which an attacker could potentially exploit. The severity is classified as low, with a CVSS base score of 3.5 and an exploitability score of 2.1, indicating that exploitation requires low privileges and no user interaction and is carried out over an adjacent network. Organizations using affected products, which include various Langflow components (e.g., xV9mhS, y-KMAI), should consider implementing remediation measures, as the exploit has been publicly disclosed without a vendor response. Recommended actions may include upgrading to a patched version or applying relevant security configurations to mitigate the potential risks associated with this vulnerability.
