5 matches found
PYSEC-2025-125
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...
@codedungeon/gunner (>=0.0.1 <=0.80.1), @codedungeon/laravel-versions-cli (>=0.0.3 <=0.1.0) +74 more potentially affected by CVE-2020-8298 via fs-path (>=0.0.22 <=0.0.24)
fs-path NPM version =0.0.22, =0.0.1, =0.0.3, =0.0.9, =1.0.2, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =0.0.40, =1.0.1, =0.0.1, =1.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2020-8298 Source advisory: OSV:GHSA-8MRF-64FW-2X75...
GHSA-GC94-6W89-HPQR Command Injection in fs-path
All versions of fs-path are vulnerable to command injection if unsanitized user input is passed in. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available...
@codedungeon/gunner (>=0.0.1 <=0.80.1), @codedungeon/laravel-versions-cli (>=0.0.3 <=0.1.0) +74 more potentially affected by unknown CVE via fs-path (>=0.0.22 <=0.0.24)
fs-path NPM version =0.0.22, =0.0.1, =0.0.3, =0.0.9, =1.0.2, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =0.0.40, =1.0.1, =0.0.1, =1.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-GC94-6W89-HPQR...
Command Injection in fs-path
All versions of fs-path are vulnerable to command injection if unsanitized user input is passed in. Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available...