Homepage

lfx@0.4.0

Langflow Executor - A lightweight CLI tool for executing and serving Langflow AI flows

  • latest version

    0.4.2

  • first published

    9 months ago

  • latest version published

    12 days ago

  • licenses detected

  • View lfx package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the lfx package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Arbitrary Code Injection

    lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the eval() function in the LambdaFilterComponent component. An attacker can execute arbitrary code by supplying crafted input to the affected process.

    How to fix Arbitrary Code Injection?

    There is no fixed version for lfx.

    [0,)
    • M
    Arbitrary Command Injection

    lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run.

    Affected versions of this package are vulnerable to Arbitrary Command Injection via the parse_callable_details() function in code_parser.py. An attacker can execute arbitrary system commands by supplying crafted input to this function remotely.

    How to fix Arbitrary Command Injection?

    There is no fixed version for lfx.

    [0,)
    • C
    Eval Injection

    lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run.

    Affected versions of this package are vulnerable to Eval Injection via the eval_custom_component_code function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation.

    How to fix Eval Injection?

    There is no fixed version for lfx.

    [0,)
    • H
    Arbitrary Code Injection

    lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow.

    How to fix Arbitrary Code Injection?

    There is no fixed version for lfx.

    [0,)
    • C
    Arbitrary Code Injection

    lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request containing malicious Python code.

    How to fix Arbitrary Code Injection?

    There is no fixed version for lfx.

    [0,)
    Go back to all versions of this package