Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2024-07-30T16:13:48.008Z

Updated: 2024-08-01T21:52:31.427Z

Reserved: 2024-07-30T15:07:37.840Z

Link: CVE-2024-7297

cve-icon Vulnrichment

Updated: 2024-08-01T21:52:31.427Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-30T17:15:14.513

Modified: 2024-11-21T09:51:14.313

Link: CVE-2024-7297

cve-icon Redhat

No data.