CVE-2024-7297

Summary

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.

Affected Software

VendorProductVersion RangeStatus
0 < 1.0.13affected

Weaknesses

  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References