CVE-2024-36420

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36420

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36420.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36420

Aliases

GHSA-h997-3fxj-p5j8

Published

2024-07-01T16:15:04Z

Modified

2024-10-12T11:24:59.033084Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this issue are available.

References

Affected packages

Git / github.com/flowiseai/flowise

Affected ranges

Type: GIT
Repo: https://github.com/flowiseai/flowise
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

19e9c67d12190e80869a6ca338fb2082430614fd

Affected versions

flowise-components@1.*

flowise-components@1.0.0

flowise-components@1.1.0

flowise-components@1.1.1

flowise-components@1.2.1

flowise-components@1.2.10

flowise-components@1.2.11

flowise-components@1.2.12

flowise-components@1.2.13

flowise-components@1.2.14

flowise-components@1.2.15

flowise-components@1.2.16

flowise-components@1.2.17

flowise-components@1.2.2

flowise-components@1.2.3

flowise-components@1.2.4

flowise-components@1.2.5

flowise-components@1.2.6

flowise-components@1.2.7

flowise-components@1.2.8

flowise-components@1.2.9

flowise-components@1.3.0

flowise-components@1.3.1

flowise-components@1.3.10

flowise-components@1.3.11

flowise-components@1.3.2

flowise-components@1.3.3

flowise-components@1.3.4

flowise-components@1.3.5

flowise-components@1.3.7

flowise-components@1.3.8

flowise-components@1.3.9

flowise-components@1.4.0

flowise-components@1.4.0-rc.1

flowise-components@1.4.1

flowise-components@1.4.2

flowise-components@1.4.3

flowise-ui@1.*

flowise-ui@1.0.0

flowise-ui@1.1.0

flowise-ui@1.2.0

flowise-ui@1.2.1

flowise-ui@1.2.10

flowise-ui@1.2.11

flowise-ui@1.2.12

flowise-ui@1.2.13

flowise-ui@1.2.14

flowise-ui@1.2.15

flowise-ui@1.2.2

flowise-ui@1.2.3

flowise-ui@1.2.4

flowise-ui@1.2.5

flowise-ui@1.2.6

flowise-ui@1.2.7

flowise-ui@1.2.9

flowise-ui@1.3.0

flowise-ui@1.3.1

flowise-ui@1.3.2

flowise-ui@1.3.3

flowise-ui@1.3.4

flowise-ui@1.3.5

flowise-ui@1.3.6

flowise-ui@1.3.7

flowise-ui@1.4.0

flowise-ui@1.4.0-rc.1

flowise-ui@1.4.1

flowise@1.*

flowise@1.0.0

flowise@1.0.1

flowise@1.1.0

flowise@1.1.1

flowise@1.2.1

flowise@1.2.10

flowise@1.2.11

flowise@1.2.12

flowise@1.2.13

flowise@1.2.14

flowise@1.2.15

flowise@1.2.16

flowise@1.2.2

flowise@1.2.3

flowise@1.2.4

flowise@1.2.5

flowise@1.2.6

flowise@1.2.7

flowise@1.2.8

flowise@1.2.9

flowise@1.3.0

flowise@1.3.1

flowise@1.3.2

flowise@1.3.3

flowise@1.3.4

flowise@1.3.5

flowise@1.3.6

flowise@1.3.7

flowise@1.3.8

flowise@1.3.9

flowise@1.4.0

flowise@1.4.0-rc.1

flowise@1.4.1

flowise@1.4.2

flowise@1.4.3