langflow@1.5.0.post2 vulnerabilities

A Python package with a built-in web application

1.5.0.post2

2 years ago

2 days ago

Known vulnerabilities in the langflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Arbitrary Code Injection langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection through any components that provided the code functionality running on the local machine rather than a sandboxed environment. An attacker can execute arbitrary code on the host system by injecting malicious code into the components. How to fix Arbitrary Code Injection? There is no fixed version for `langflow`.	[0,)
C Arbitrary Code Injection langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the `PythonCodeTool` component, due to a lack of validations. How to fix Arbitrary Code Injection? There is no fixed version for `langflow`.	[0,)
M Regular Expression Denial of Service (ReDoS) langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the manipulation of the `remaining_text` argument. An attacker can cause a denial of service condition by sending crafted inputs. How to fix Regular Expression Denial of Service (ReDoS)? There is no fixed version for `langflow`.	[0,)