langflow-base 1.11.0.dev14

Direct Vulnerabilities

Known vulnerabilities in the langflow-base package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the `install_mcp_config` function in the Model Context Protocol Configuration API when processing the `X-Forwarded-For` argument. An authenticated user can execute arbitrary code or inject malicious input by supplying crafted data to this argument. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? There is no fixed version for `langflow-base`.	[0,)
M Missing Authorization Affected versions of this package are vulnerable to Missing Authorization via the `download_image` endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name. How to fix Missing Authorization? There is no fixed version for `langflow-base`.	[0,)
H Missing Authorization Affected versions of this package are vulnerable to Missing Authorization via the `logs` and `logs-stream` endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. How to fix Missing Authorization? There is no fixed version for `langflow-base`.	[0.0.83,)
H Deserialization of Untrusted Data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validation. How to fix Deserialization of Untrusted Data? There is no fixed version for `langflow-base`.	[0,)

Vulnerability

Vulnerable Version

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the install_mcp_config function in the Model Context Protocol Configuration API when processing the X-Forwarded-For argument. An authenticated user can execute arbitrary code or inject malicious input by supplying crafted data to this argument.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

There is no fixed version for langflow-base.

[0,)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the download_image endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name.

How to fix Missing Authorization?

There is no fixed version for langflow-base.

[0,)

Missing Authorization

Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks.

How to fix Missing Authorization?

There is no fixed version for langflow-base.

[0.0.83,)

Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validation.

How to fix Deserialization of Untrusted Data?

There is no fixed version for langflow-base.

[0,)

langflow-base@1.11.0.dev14

A Python package with a built-in web application

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically