{"data":{"id":"799da888-075b-4c14-ace2-3d91fcf3e218","title":"CVE-2024-7297: Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged","summary":"Langflow versions before 1.0.13 have a privilege escalation vulnerability (a security flaw where an attacker gains higher access rights than they should have) that lets a remote attacker with low privileges become a super admin by sending a specially crafted request to the '/api/v1/users' endpoint using mass assignment (a technique where an attacker modifies multiple fields at once by exploiting how the application handles user input).","solution":"Upgrade Langflow to version 1.0.13 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-7297","publishedAt":"2024-07-30T21:15:14.513Z","cveId":"CVE-2024-7297","cweIds":["CWE-913"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00262,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}