CVE-2024-48061
- Source
- https://cve.org/CVERecord?id=CVE-2024-48061
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48061.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-48061
- Aliases
- Published
- 2024-11-04T23:15:04.560Z
- Modified
- 2026-04-10T05:24:03.472401Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
- References
Affected packages
Git / github.com/langflow-ai/langflow
Affected versions
v0.*
v0.0.31
v0.0.69
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.0.75
v0.0.76
v0.0.77
v0.0.78
v0.0.79
v0.0.80
v0.0.81
v0.0.82
v0.0.83
v0.0.84
v0.0.85
v0.0.86
v0.0.87
v0.0.88
v0.0.89
v0.1.0
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.14
v0.4.15
v0.4.16
v0.4.17
v0.4.18
v0.4.19
v0.4.2
v0.4.20
v0.4.21
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.0a0
v0.5.0a1
v0.5.0a2
v0.5.0a3
v0.5.0a4
v0.5.0a5
v0.5.0a6
v0.5.0b0
v0.5.0b2
v0.5.0b3
v0.5.0b4
v0.5.0b5
v0.5.0b6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.0a0
v0.6.0rc1
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.3
v0.6.3a0
v0.6.3a1
v0.6.3a2
v0.6.3a3
v0.6.3a4
v0.6.3a5
v0.6.3a6
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v1.*
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9