CVE-2024-8182

2024-08-2713:15:07

CWE-400

tenable

web.nvd.nist.gov

unauthenticated

denial of service

flowise

version 1.8.2

user supplied input

api endpoint

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.

Affected configurations

Nvd

Node

flowiseaiflowiseMatch1.8.2

VendorProductVersionCPE
flowiseaiflowise1.8.2cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flowiseai	flowise	1.8.2	cpe:2.3:a:flowiseai:flowise:1.8.2:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Flowise",
    "vendor": "FlowiseAI",
    "versions": [
      {
        "status": "affected",
        "version": "1.8.2"
      }
    ]
  }
]