Lucene search

Veracode Vulnerability DatabaseVERACODE:48616

HistoryAug 28, 2024 - 4:09 a.m.

Denial Of Service (DoS)

2024-08-2804:09:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

flowise

software vulnerability

user input

api endpoint

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Flowise is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of user-supplied input to the /api/v1/get-upload-file API endpoint, which allows an attacker to crash the instance running the vulnerable version.

References

github.com/advisories/GHSA-48x4-mx8f-gr4h

tenable.com/security/research/tra-2024-34

www.tenable.com/security/research/tra-2024-34

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for VERACODE:48616