CVE-2024-8182

An unauthenticated denial-of-service (DoS) vulnerability exists in Flowise version 1.8.2. Improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint leads to a complete crash of the instance running a vulnerable version.
References
Link Resource
https://tenable.com/security/research/tra-2024-34 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*

History

30 Aug 2024, 13:53

Type Values Removed Values Added
First Time Flowiseai flowise
Flowiseai
CPE cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
Summary
  • (es) An unauthenticated denial-of-service (DoS) vulnerability exists in Flowise version 1.8.2, causing a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint.
References () https://tenable.com/security/research/tra-2024-34 - () https://tenable.com/security/research/tra-2024-34 - Third Party Advisory

27 Aug 2024, 14:35

Type Values Removed Values Added
CWE CWE-400

27 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-08-30 13:53


NVD link : CVE-2024-8182

Mitre link : CVE-2024-8182

CVE.ORG link : CVE-2024-8182


Products Affected

flowiseai

  • flowise
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption