CVE-2024-7297

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-913
View all →

Vulnerability Description

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.

Related Vulnerabilities

CVE-2021-23267

HIGH
CVSS:8.8(High)

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

CWE-9132021

CVE-2022-39051

HIGH
CVSS:8.8(High)

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package

CWE-9132022

CVE-2020-3419

CRITICAL
CVSS:9.1(Critical)

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerab...

CWE-9132020

CVE-2022-31764

HIGH
CVSS:8.5(High)

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3...

CWE-9132022

CVE-2017-3200

HIGH
CVSS:8.1(High)

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitra...

CWE-9132017

CVE-2021-32813

HIGH
CVSS:8.1(High)

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this i...

CWE-9132021