Lucene search

CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file

🗓️ 01 Jul 2024 15:14:53Reported by GitHub_MType

Flowise Path Injection at /api/v1/openai-assistants-file due to lack of fileName parameter sanitizatio

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
NVD	CVE-2024-36420	1 Jul 202416:15	–	nvd
OSV	CVE-2024-36420	1 Jul 202416:15	–	osv
OSV	GHSA-H997-3FXJ-P5J8 Flowise Path Injection at /api/v1/openai-assistants-file	5 Aug 202421:29	–	osv
RedhatCVE	CVE-2024-36420	5 Feb 202504:53	–	redhatcve
CVE	CVE-2024-36420	1 Jul 202416:15	–	cve
Veracode	Code Injection	3 Jul 202406:35	–	veracode
Vulnrichment	CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file	1 Jul 202415:53	–	vulnrichment
Github Security Blog	Flowise Path Injection at /api/v1/openai-assistants-file	5 Aug 202421:29	–	github

[
  {
    "vendor": "FlowiseAI",
    "product": "Flowise",
    "versions": [
      {
        "version": "<= 1.4.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/FlowiseAI/Flowise/blob/e93ce07851cdc0fcde12374f301b8070f2043687/packages/server/src/index.ts
securitylab	www.securitylab.github.com/advisories/GHSL-2023-232_GHSL-2023-234_Flowise/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Jul 2024 15:53Current

CVSS37.5

EPSS0.001

CWE-74