Lucene search

GoogleOSV:GHSA-48X4-MX8F-GR4H

HistoryAug 27, 2024 - 3:32 p.m.

Flowise Unauthenticated Denial of Service (DoS) vulnerability

2024-08-2715:32:51

Google

osv.dev

flowise

denial of service

vulnerability

version 1.8.2

api

user input

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the /api/v1/get-upload-file api endpoint.

References

github.com/FlowiseAI/Flowise

nvd.nist.gov/vuln/detail/CVE-2024-8182

tenable.com/security/research/tra-2024-34

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for OSV:GHSA-48X4-MX8F-GR4H