SB2024082819 - Multiple vulnerabilities in Flowise

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2024-8182)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the "/api/v1/get-upload-file" api endpoint. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

2) Improper Authentication (CVE-ID: CVE-2024-8181)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://tenable.com/security/research/tra-2024-34
• https://tenable.com/security/research/tra-2024-22-0