Lucene search
GitHub Advisory DatabaseGHSA-6WP6-22X5-RR3WHistoryApr 29, 2024 - 6:30 p.m.
Flowise vulnerable to code injection via api/v1
2024-04-2918:30:45
CWE-94
GitHub Advisory Database
github.com
4
flowiseai inc flowise
v1.8.1
code injection
api/v1
vulnerability
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
AI Score
7.5
Confidence
Low
EPSS
0.006
Percentile
78.8%
An issue in FlowiseAI Inc Flowise prior to v1.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
Affected configurations
Node
flowiseaiflowiseRange<1.8.1
References
Related
vulnrichment
vulnrichment
CVE-2024-31621
2024-04-29 00:00:00
cve
cve
CVE-2024-31621
2024-04-29 17:15:19
packetstorm
packetstorm
Flowise 1.6.5 Authentication Bypass
2024-04-19 00:00:00
nvd
nvd
CVE-2024-31621
2024-04-29 17:15:19
cvelist
cvelist
CVE-2024-31621
2024-04-29 00:00:00
zdt
zdt
Flowise 1.6.5 - Authentication Bypass Vulnerability
2024-04-21 00:00:00
exploitdb
exploitdb
Flowise 1.6.5 - Authentication Bypass
2024-04-21 00:00:00
veracode
veracode
Code Injection
2024-06-27 06:50:56
osv
osv
Flowise vulnerable to code injection via api/v1
2024-04-29 18:30:45
nuclei
nuclei
Flowise 1.6.5 - Authentication Bypass
2024-04-23 18:21:52
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
AI Score
7.5
Confidence
Low
EPSS
0.006
Percentile
78.8%
Related for GHSA-6WP6-22X5-RR3W