Update GobyVuls-Document.md

Goby 2025-04-09 20:17:23 +08:00 committed by GitHub
parent d7656260fd
commit e9f9732284
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -1,6 +1,21 @@
# Goby History Update Vulnerability Total Document (Continuously Update) # Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: April 9, 2025**
## Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)
| **Vulnerability** | Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)|
| :----: | :-----|
| **Chinese name** | Langflow /api/v1/validate/code 代码执行漏洞CVE-2025-3248 |
| **CVSS core** | 7.80 |
| **FOFA Query** (click to view the results directly)| [product="LOGSPACE-LangFlow"]
| **Number of assets affected** | 2448 |
| **Description** |LangFlow is a low-code visual AI application development tool based on Python, focusing on the development of Multi-Agent AI, Prompt Engineering, and Retrieval-Augmented Generation (RAG) applications. Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code.|
| **Impact** | Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code, potentially leading to full server control.|
| **Affected versions** | <1.3.0
![](https://s3.bmp.ovh/imgs/2025/04/09/01613b486fcc5f6e.gif)
**Updated document date: March 12, 2025** **Updated document date: March 12, 2025**
## Apache Tomcat Remote Command Execution Vulnerability (CVE-2025-24813) ## Apache Tomcat Remote Command Execution Vulnerability (CVE-2025-24813)
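
Review bot: In the added Langflow table, the `**CVSS core**` row label should read "CVSS score", and the 7.80 value is worth rechecking against the source advisory, because the Description row states that remote, unauthenticated attackers can execute arbitrary code. The `**FOFA Query**` row promises "click to view the results directly", but the cell as shown contains only `[product="LOGSPACE-LangFlow"]` with no link target, so it will render as literal bracketed text; add the URL or drop the parenthetical. That row and the `**Affected versions**` row also lack the closing `|` that the other rows in the table have. The Impact row repeats the second and third sentences of the Description row almost word for word; keep the product summary and affected range in Description and leave only the consequence (full server control) in Impact. Since the entry tells readers that versions before 1.3.0 are affected, a short remediation row (upgrade to 1.3.0 or later) would make it actionable for defenders.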