CVE-2024-9277
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-9277 is a vulnerability in Langflow versions up to 1.0.18, affecting the HTTP POST Request Handler component in the file \src\backend\base\langflow\interface\utils.py. Manipulation of the argument remaining_text leads to inefficient regular expression complexity, which an attacker could potentially exploit. The severity is classified as low, with a CVSS base score of 3.5 and an exploitability score of 2.1; exploitation requires low privileges and no user interaction, over an adjacent network. The exploit has been publicly disclosed and the vendor has not responded, so organizations using affected products, which include various Langflow components, should consider implementing remediation measures. Recommended actions may include upgrading to a patched version or applying relevant security configurations to mitigate the risks associated with this vulnerability.