CVERadar

CVE-2024-37014

Severity: Critical
Product: Langflow
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.02498/1

CVE-2024-37014: Langflow Remote Code Execution Vulnerability. Langflow versions up to 0.6.19 permit remote code execution when unauthorized users can reach the "POST /api/v1/custom_component" endpoint and submit malicious Python scripts. With a high SOCRadar Vulnerability Risk Score (SVRS) of 84, this vulnerability is considered critical and requires immediate attention; the score indicates active exploitation in the wild and potential for significant damage. Exploitation could lead to complete system compromise, data theft, or denial of service. Addressing CVE-2024-37014 is crucial for maintaining the security and integrity of systems running vulnerable Langflow versions. The vulnerability highlights the importance of proper access controls and input validation in web applications.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-06-10

2024-06-12

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-37014 | Langflow up to 0.6.19 HTTP POST Request /api/v1/custom_component Privilege Escalation
vuldb.com, 2024-06-10
A vulnerability was found in Langflow up to 0.6.19. It has been rated as critical. This issue affects some unknown processing of the file /api/v1/custom_component of the component HTTP POST Request Handler. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-37014

Social Media

CVE-2024-37014 (CVSS:9.8, CRITICAL) is Analyzed. Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_compo..https://t.co/2ddxIDRizc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
CVE-2024-37014 Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. https://t.co/VNdml6GBQf

Affected Software

Configuration 1

| Type | Vendor | Product |
|------|--------|---------|
| App | Langflow | langflow |

References

| Reference | Link |
|-----------|------|
| [email protected] | https://github.com/langflow-ai/langflow/issues/1973 |

CWE Details

No CWE details found for this CVE
