CRITICAL 9.8

PYSEC-2025-36

상세

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / langflow

최초 영향 버전: 0 수정 버전: 1.3.0

수정 pip install --upgrade 'langflow>=1.3.0'

참고

https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/ [WEB]
https://github.com/langflow-ai/langflow/pull/6911 [FIX]
https://github.com/langflow-ai/langflow/releases/tag/1.3.0 [WEB]