CVE-2024-8182

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://tenable.com/security/research/tra-2024-34	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*

History

30 Aug 2024, 13:53

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de denegación de servicio (DoS) no autenticada en la versión 1.8.2 de Flowise, lo que provoca un bloqueo completo de la instancia que ejecuta una versión vulnerable debido al manejo inadecuado de la entrada proporcionada por el usuario en el archivo “/api/v1/get-upload-file” endpoint de la API.
First Time		Flowiseai flowise Flowiseai
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:flowiseai:flowise:1.8.2:::::::*
References	~~() https://tenable.com/security/research/tra-2024-34 -~~	() https://tenable.com/security/research/tra-2024-34 - Third Party Advisory

27 Aug 2024, 14:35

Type	Values Removed	Values Added
CWE		CWE-400

27 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-08-30 13:53

NVD link : CVE-2024-8182

Mitre link : CVE-2024-8182

CVE.ORG link : CVE-2024-8182

JSON object : View

Products Affected

flowiseai

flowise

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-8182", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-27T13:15:07.093", "references": [{"url": "https://tenable.com/security/research/tra-2024-34", "tags": ["Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the \u201c/api/v1/get-upload-file\u201d api endpoint."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en la versi\u00f3n 1.8.2 de Flowise, lo que provoca un bloqueo completo de la instancia que ejecuta una versi\u00f3n vulnerable debido al manejo inadecuado de la entrada proporcionada por el usuario en el archivo \u201c/api/v1/get-upload-file\u201d endpoint de la API."}], "lastModified": "2024-08-30T13:53:52.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D93DAF76-A697-49E1-A229-24D5498A1EC6"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}