Lucene search

TenableVULNRICHMENT:CVE-2024-8182

HistoryAug 27, 2024 - 1:09 p.m.

CVE-2024-8182 Flowise Denial of Service

2024-08-2713:09:02

tenable

github.com

unauthenticated

dos

vulnerability

flowise

improper input

handling

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:flowiseai:flowise:-:*:*:*:*:*:*:*"
    ],
    "vendor": "flowiseai",
    "product": "flowise",
    "versions": [
      {
        "status": "affected",
        "version": "1.8.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

tenable.com/security/research/tra-2024-34

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-8182