Langflow Code Injection Vulnerability Allowing Remote Code Execution

A code injection vulnerability has been identified in Langflow versions prior to 1.3.0, specifically in the '/api/v1/validate/code' endpoint. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the server by sending crafted HTTP requests. The issue arises because the endpoint processes user input using Python's 'exec' function without proper sanitization, enabling attackers to exploit Python's features, such as decorators, for malicious purposes.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution on the server where Langflow is running.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/api/v1/validate/code' endpoint with a payload that includes a Python function definition. The payload must be crafted to include malicious code, such as a reverse shell command, which will be executed on the server. This can be done using tools like curl or Postman.

Remediation

Users are advised to upgrade to Langflow version 1.3.0 or later, as this version patches the vulnerability by adding authentication to the '/api/v1/validate/code' endpoint. For instances that cannot be immediately upgraded, consider restricting network access to the application.