Lucene search

GitHub Advisory DatabaseGHSA-48X4-MX8F-GR4H

HistoryAug 27, 2024 - 3:32 p.m.

Flowise Unauthenticated Denial of Service (DoS) vulnerability

2024-08-2715:32:51

CWE-400

GitHub Advisory Database

github.com

flowise

unauthenticated

denial of service

vulnerability

version 1.8.2

crash

improper handling

user input

api endpoint

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the /api/v1/get-upload-file api endpoint.

Affected configurations

Vulners

Node

flowiseaiflowiseRange≤1.8.2

VendorProductVersionCPE
flowiseaiflowise*cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flowiseai	flowise	*	cpe:2.3:a:flowiseai:flowise::::::::

References

github.com/advisories/GHSA-48x4-mx8f-gr4h

nvd.nist.gov/vuln/detail/CVE-2024-8182

tenable.com/security/research/tra-2024-34

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for GHSA-48X4-MX8F-GR4H