langflow-base 0.9.1

Direct Vulnerabilities

Known vulnerabilities in the langflow-base package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the `install_mcp_config` function in the Model Context Protocol Configuration API when processing the `X-Forwarded-For` argument. An authenticated user can execute arbitrary code or inject malicious input by supplying crafted data to this argument. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? There is no fixed version for `langflow-base`.	[0,)
M Missing Authorization Affected versions of this package are vulnerable to Missing Authorization via the `download_image` endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name. How to fix Missing Authorization? There is no fixed version for `langflow-base`.	[0,)
H Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `/api/v1/files/images/{flow_id}/{file_name}` endpoint, which serves SVG files with the `image/svg+xml` content type without sanitizing their content. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a crafted SVG file, potentially allowing theft of authentication tokens stored in cookies, including JWT access and refresh tokens. How to fix Cross-site Scripting (XSS)? There is no fixed version for `langflow-base`.	[0,)
H Missing Authorization Affected versions of this package are vulnerable to Missing Authorization via the `logs` and `logs-stream` endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. How to fix Missing Authorization? There is no fixed version for `langflow-base`.	[0.0.83,)
C Arbitrary Code Injection Affected versions of this package are vulnerable to Arbitrary Code Injection through the Agentic Assistant validation process. An attacker can execute arbitrary server-side Python code by supplying input that causes the assistant to return malicious component code, which is then instantiated during validation. How to fix Arbitrary Code Injection? A fix was pushed into the `master` branch but not yet published.	[0,)
H Missing Authorization Affected versions of this package are vulnerable to Missing Authorization via the `download_image` endpoint, which allows unauthenticated access to image files by accepting `flow_id` and `file_name` as path parameters without verifying user authentication or ownership. An attacker can access sensitive image files belonging to other users by sending crafted requests with valid identifiers. How to fix Missing Authorization? A fix was pushed into the `master` branch but not yet published.	[0,)
H Deserialization of Untrusted Data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validation. How to fix Deserialization of Untrusted Data? There is no fixed version for `langflow-base`.	[0,)
C Origin Validation Error Affected versions of this package are vulnerable to Origin Validation Error via an overly permissive CORS configuration in the `refresh` endpoint. An attacker can gain unauthorized access to authentication tokens and execute arbitrary code by enticing a victim to visit a malicious webpage that performs cross-origin requests with credentials. Note: The option was added in version 0.6.0 (used in langflow 1.6.x) to restrict allowed origins with `LANGFLOW_CORS_ORIGINS`. This will become the default behavior, with permissive settings (`origins = *`) being opt-in, in a future release. How to fix Origin Validation Error? There is no fixed version for `langflow-base`.	[0,)

Vulnerability

Vulnerable Version

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the install_mcp_config function in the Model Context Protocol Configuration API when processing the X-Forwarded-For argument. An authenticated user can execute arbitrary code or inject malicious input by supplying crafted data to this argument.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

There is no fixed version for langflow-base.

[0,)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the download_image endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name.

How to fix Missing Authorization?

There is no fixed version for langflow-base.

[0,)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /api/v1/files/images/{flow_id}/{file_name} endpoint, which serves SVG files with the image/svg+xml content type without sanitizing their content. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a crafted SVG file, potentially allowing theft of authentication tokens stored in cookies, including JWT access and refresh tokens.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for langflow-base.

[0,)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks.

How to fix Missing Authorization?

There is no fixed version for langflow-base.

[0.0.83,)

Arbitrary Code Injection

Affected versions of this package are vulnerable to Arbitrary Code Injection through the Agentic Assistant validation process. An attacker can execute arbitrary server-side Python code by supplying input that causes the assistant to return malicious component code, which is then instantiated during validation.

How to fix Arbitrary Code Injection?

A fix was pushed into the master branch but not yet published.

[0,)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the download_image endpoint, which allows unauthenticated access to image files by accepting flow_id and file_name as path parameters without verifying user authentication or ownership. An attacker can access sensitive image files belonging to other users by sending crafted requests with valid identifiers.

How to fix Missing Authorization?

A fix was pushed into the master branch but not yet published.

[0,)

Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validation.

How to fix Deserialization of Untrusted Data?

There is no fixed version for langflow-base.

[0,)

Origin Validation Error

Affected versions of this package are vulnerable to Origin Validation Error via an overly permissive CORS configuration in the refresh endpoint. An attacker can gain unauthorized access to authentication tokens and execute arbitrary code by enticing a victim to visit a malicious webpage that performs cross-origin requests with credentials.

Note: The option was added in version 0.6.0 (used in langflow 1.6.x) to restrict allowed origins with LANGFLOW_CORS_ORIGINS. This will become the default behavior, with permissive settings (origins = *) being opt-in, in a future release.

How to fix Origin Validation Error?

There is no fixed version for langflow-base.

[0,)

langflow-base@0.9.1

A Python package with a built-in web application

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically