CVE-2024-36420

CVSS V2 None CVSS V3 None
Description
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName` body parameter. No known patches for this issue are available.
Overview
  • CVE ID
  • CVE-2024-36420
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-01T15:53:14.900Z
  • Last Modified Date
  • 2024-07-01T21:02:00.362Z
History
Created Old Value New Value Data Type Notes
2024-07-02 13:08:14 Added to TrackCVE