{"id":"PYSEC-2024-279","details":"langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.","aliases":["CVE-2024-42835","GHSA-56m6-4mhw-h3g5"],"modified":"2026-05-21T15:00:15.369050704Z","published":"2024-10-31T14:15:05.610Z","references":[{"type":"REPORT","url":"https://github.com/langflow-ai/langflow/issues/2908"}],"affected":[{"package":{"name":"langflow","ecosystem":"PyPI","purl":"pkg:pypi/langflow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.0.12"}]}],"versions":["0.0.31","0.0.32","0.0.33","0.0.40","0.0.44","0.0.45","0.0.46","0.0.52","0.0.53","0.0.54","0.0.55","0.0.56","0.0.57","0.0.58","0.0.61","0.0.62","0.0.63","0.0.64","0.0.65","0.0.66","0.0.67","0.0.68","0.0.69","0.0.70","0.0.71","0.0.72","0.0.73","0.0.74","0.0.75","0.0.76","0.0.78","0.0.79","0.0.80","0.0.81","0.0.83","0.0.84","0.0.85","0.0.86","0.0.87","0.0.88","0.0.89","0.1.0","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.4.0","0.4.1","0.4.10","0.4.11","0.4.12","0.4.14","0.4.15","0.4.16","0.4.17","0.4.18","0.4.19","0.4.2","0.4.20","0.4.21","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.0a0","0.5.0a1","0.5.0a2","0.5.0a3","0.5.0a4","0.5.0a5","0.5.0a6","0.5.0b0","0.5.0b2","0.5.0b3","0.5.0b4","0.5.0b5","0.5.0b6","0.5.1","0.5.10","0.5.11","0.5.12","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.0rc1","0.6.1","0.6.10","0.6.11","0.6.12","0.6.14","0.6.15","0.6.16","0.6.17","0.6.18","0.6.19","0.6.2","0.6.3","0.6.3a0","0.6.3a1","0.6.3a2","0.6.3a3","0.6.3a4","0.6.3a5","0.6.3a6","0.6.3a7","0.6.4","0.6.4a0","0.6.4a1","0.6.5","0.6.5a0","0.6.5a1","0.6.5a10","0.6.5a11","0.6.5a12","0.6.5a13","0.6.5a2","0.6.5a3","0.6.5a4","0.6.5a5","0.6.5a6","0.6.5a7","0.6.5a8","0.6.5a9","0.6.6","0.6.7","0.6.7a1","0.6.7a2","0.6.7a3","0.6.7a5","0.6.8","0.6.9","1.0.0","1.0.0a0","1.0.0a1","1.0.0a10","1.0.0a11","1.0.0a12","1.0.0a13","1.0.0a14","1.0.0a15","1.0.0a17","1.0.0a18","1.0.0a19","1.0.0a2","1.0.0a20","1.0.0a21","1.0.0a22","1.0.0a23","1.0.0a24","1.0.0a25","1.0.0a26","1.0.0a27","1.0.0a28","1.0.0a29","1.0.0a3","1.0.0a30","1.0.0a31","1.0.0a32","1.0.0a33","1.0.0a34","1.0.0a35","1.0.0a36","1.0.0a37","1.0.0a38","1.0.0a39","1.0.0a4","1.0.0a40","1.0.0a41","1.0.0a42","1.0.0a43","1.0.0a44","1.0.0a45","1.0.0a46","1.0.0a47","1.0.0a48","1.0.0a49","1.0.0a5","1.0.0a50","1.0.0a51","1.0.0a52","1.0.0a53","1.0.0a55","1.0.0a56","1.0.0a57","1.0.0a58","1.0.0a59","1.0.0a6","1.0.0a60","1.0.0a61","1.0.0a7","1.0.0a8","1.0.0a9","1.0.0rc0","1.0.0rc1","1.0.1","1.0.10","1.0.11","1.0.12","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/langflow/PYSEC-2024-279.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}