langflow@1.0.6 vulnerabilities

A Python package with a built-in web application

Known vulnerabilities in the langflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the manipulation of the `remaining_text` argument. An attacker can cause a denial of service condition by sending crafted inputs. How to fix Regular Expression Denial of Service (ReDoS)? There is no fixed version for `langflow`.	[0,)
H Improper Authorization langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Improper Authorization via the `/api/v1/users` endpoint. An attacker can gain super admin privileges by performing a mass assignment request. How to fix Improper Authorization? Upgrade `langflow` to version 1.0.13 or higher.	[,1.0.13)
H Improper Control of Dynamically-Managed Code Resources langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the `POST /api/v1/custom_component` endpoint when untrusted users provide a Python script. An attacker can execute arbitrary code on the server. How to fix Improper Control of Dynamically-Managed Code Resources? There is no fixed version for `langflow`.	[0,)