CVE-2024-36420 | FlowiseAI Flowise up to 1.4.3 openai-assistants-file fileName information disclosure (GHSL-2023-232)

Posted by Angelo Barbosa | Jul 1, 2024 | CVE

A vulnerability, which was classified as problematic, was found in FlowiseAI Flowise up to 1.4.3. Affected is an unknown function of the file /api/v1/openai-assistants-file. The manipulation of the argument fileName leads to information disclosure.

This vulnerability is traded as CVE-2024-36420. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-36420 | FlowiseAI Flowise up to 1.4.3 openai-assistants-file fileName information disclosure (GHSL-2023-232)

Related Posts

CVE-2024-5633 | Longse Technology LBH30FE200W backdoor

CVE-2024-3080 | ASUS ZenWiFi XT8 improper authentication

CVE-2024-31366 | Themify Post Type Builder Plugin up to 2.0.8 on WordPress authorization

CVE-2024-40614 | EGroupware up to 17.1.20190111 ORDER BY Privilege Escalation