4 matches found
UNIX Symbolic Link (Symlink) Following
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the BaseFileComponent.unpackbundle function. An attacker can access arbitrary fil...
Missing Authentication for Critical Function
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the createuploadfile function. An attacker can exhaust server disk space...
Brute Force
Overview netunicorn-library is a netunicorn contrib library Affected versions of this package are vulnerable to Brute Force. An attacker could gain unauthorized access by exploiting this vulnerability. Remediation Upgrade netunicorn-library to version 0.4.2 or higher. References - GitHub Commit -...
UBUNTU-CVE-2021-32839
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...