{"id":"PYSEC-2024-177","details":"Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the \"POST /api/v1/custom_component\" endpoint and provide a Python script.","aliases":["CVE-2024-37014","GHSA-qg33-x2c5-6p44"],"modified":"2025-01-19T02:41:56.360444Z","published":"2024-06-10T20:15:15Z","references":[{"type":"REPORT","url":"https://github.com/langflow-ai/langflow/issues/1973"}],"affected":[{"package":{"name":"langflow","ecosystem":"PyPI","purl":"pkg:pypi/langflow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0a3"}]}],"versions":["0.0.31","0.0.32","0.0.33","0.0.40","0.0.44","0.0.45","0.0.46","0.0.52","0.0.53","0.0.54","0.0.55","0.0.56","0.0.57","0.0.58","0.0.61","0.0.62","0.0.63","0.0.64","0.0.65","0.0.66","0.0.67","0.0.68","0.0.69","0.0.70","0.0.71","0.0.72","0.0.73","0.0.74","0.0.75","0.0.76","0.0.78","0.0.79","0.0.80","0.0.81","0.0.83","0.0.84","0.0.85","0.0.86","0.0.87","0.0.88","0.0.89","0.1.0","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.4.0","0.4.1","0.4.10","0.4.11","0.4.12","0.4.14","0.4.15","0.4.16","0.4.17","0.4.18","0.4.19","0.4.2","0.4.20","0.4.21","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.0a0","0.5.0a1","0.5.0a2","0.5.0a3","0.5.0a4","0.5.0a5","0.5.0a6","0.5.0b0","0.5.0b2","0.5.0b3","0.5.0b4","0.5.0b5","0.5.0b6","0.5.1","0.5.10","0.5.11","0.5.12","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.0rc1","0.6.1","0.6.10","0.6.11","0.6.12","0.6.14","0.6.15","0.6.16","0.6.17","0.6.18","0.6.19","0.6.2","0.6.3","0.6.3a0","0.6.3a1","0.6.3a2","0.6.3a3","0.6.3a4","0.6.3a5","0.6.3a6","0.6.3a7","0.6.4","0.6.4a0","0.6.4a1","0.6.5","0.6.5a0","0.6.5a1","0.6.5a10","0.6.5a11","0.6.5a12","0.6.5a13","0.6.5a2","0.6.5a3","0.6.5a4","0.6.5a5","0.6.5a6","0.6.5a7","0.6.5a8","0.6.5a9","0.6.6","0.6.7","0.6.7a1","0.6.7a2","0.6.7a3","0.6.7a5","0.6.8","0.6.9","1.0.0a0","1.0.0a1","1.0.0a2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2024-177.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}