CVE-2024-48061

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48061

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48061.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48061

Aliases

GHSA-5p5r-57fx-pmfr

Published

2024-11-04T23:15:04.560Z

Modified

2025-11-20T12:32:21.681071Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

References

Affected packages

Git / github.com/langflow-ai/langflow

Affected ranges

Type: GIT
Repo: https://github.com/langflow-ai/langflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f18c4e90795fa34e776461fc4a00d2574400a002

Affected versions

v0.*

v0.0.19

v0.0.20

v0.0.21

v0.0.22

v0.0.23

v0.0.24

v0.0.31

v0.0.32

v0.0.33

v0.0.40

v0.0.44

v0.0.45

v0.0.46

v0.0.52

v0.0.53

v0.0.54

v0.0.55

v0.0.56

v0.0.57

v0.0.58

v0.0.61

v0.0.62

v0.0.63

v0.0.64

v0.0.65

v0.0.66

v0.0.67

v0.0.68

v0.0.69

v0.0.70

v0.0.71

v0.0.72

v0.0.73

v0.0.74

v0.0.75

v0.0.76

v0.0.77

v0.0.78

v0.0.79

v0.0.80

v0.0.81

v0.0.82

v0.0.83

v0.0.84

v0.0.85

v0.0.86

v0.0.87

v0.0.88

v0.0.89

v0.1.0

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.2.0

v0.2.1

v0.2.10

v0.2.11

v0.2.12

v0.2.13

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v0.2.9

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.4.10

v0.4.11

v0.4.12

v0.4.14

v0.4.15

v0.4.16

v0.4.17

v0.4.18

v0.4.19

v0.4.2

v0.4.20

v0.4.21

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.5.0a0

v0.5.0a1

v0.5.0a2

v0.5.0a3

v0.5.0a4

v0.5.0a5

v0.5.0a6

v0.5.0b0

v0.5.0b2

v0.5.0b3

v0.5.0b4

v0.5.0b5

v0.5.0b6

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.0a0

v0.6.0rc1

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.18

v0.6.19

v0.6.2

v0.6.3

v0.6.3a0

v0.6.3a1

v0.6.3a2

v0.6.3a3

v0.6.3a4

v0.6.3a5

v0.6.3a6

v0.6.3a7

v0.6.4

v0.6.4a0

v0.6.4a1

v0.6.5

v0.6.5a0

v0.6.5a1

v0.6.5a10

v0.6.5a11

v0.6.5a12

v0.6.5a13

v0.6.5a2

v0.6.5a3

v0.6.5a4

v0.6.5a5

v0.6.5a6

v0.6.5a7

v0.6.5a8

v0.6.5a9

v0.6.6

v0.6.7

v0.6.7a1

v0.6.7a2

v0.6.7a3

v0.6.7a5

v0.6.8

v0.6.9

v1.*

v1.0.0

v1.0.0a11

v1.0.0a12

v1.0.0a13

v1.0.0a14

v1.0.0a15

v1.0.0a17

v1.0.0a18

v1.0.0a19

v1.0.0a20

v1.0.0a21

v1.0.0a22

v1.0.0a23

v1.0.0a24

v1.0.0a26

v1.0.0a27

v1.0.0a28

v1.0.0a29

v1.0.0a30

v1.0.0a31

v1.0.0a32

v1.0.0a33

v1.0.0a34

v1.0.0a35

v1.0.0a36

v1.0.0a37

v1.0.0a38

v1.0.0a4

v1.0.0a40

v1.0.0a41

v1.0.0a42

v1.0.0a43

v1.0.0a44

v1.0.0a45

v1.0.0a46

v1.0.0a47

v1.0.0a48

v1.0.0a49

v1.0.0a5

v1.0.0a50

v1.0.0a51

v1.0.0a52

v1.0.0a53

v1.0.0a55

v1.0.0a56

v1.0.0a57

v1.0.0a58

v1.0.0a59

v1.0.0a6

v1.0.0a60

v1.0.0a7

v1.0.0a8

v1.0.0rc0

v1.0.0rc1

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48061.json"