Langflow
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*
- >= 1.2.0, <= 1.8.1
A vulnerability in Langflow versions 1.2.0 through 1.8.1 allows authenticated users to bypass filename validation and write arbitrary files. The issue arises because the 'LocalStorageService' does not enforce proper boundary checks, so files can be written anywhere on the host system via the 'POST /api/v2/files/' endpoint. The vulnerability can be exploited to achieve remote code execution. It has been addressed in version 1.9.0.
Exploitation of this vulnerability allows authenticated users to write files anywhere on the host system, potentially overwriting critical system files or injecting malicious Python components. This could lead to full remote code execution on the host server.
The vulnerability can be reproduced by uploading a file through the 'POST /api/v2/files/' endpoint using a multipart request. The filename can be crafted to include directory traversal characters, bypassing the application's filename validation and writing the file outside the user's designated storage directory. This can be done using a Python script that authenticates with the application and sends a file with a traversed filename.
Users can update to Langflow version 1.9.0 or later, where this vulnerability has been fixed.
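A storage-layer boundary check of the kind the description says was missing, as an added example and not Langflow's code or its 1.9.0 fix. The names `resolve_in_user_dir`, `save_upload` and `PathEscapeError`, and the `base_dir/user_id` directory layout, are assumptions made for illustration.

```python
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested name resolves outside the caller's storage directory."""


def resolve_in_user_dir(base_dir, user_id, filename):
    """Map (user_id, filename) to an absolute path that is guaranteed to sit
    inside base_dir/user_id, or raise PathEscapeError. (Hypothetical helper.)"""
    if not filename or "\x00" in filename:
        raise PathEscapeError("empty file name or NUL byte")
    base = Path(base_dir).resolve()
    user_root = (base / user_id).resolve()
    # The user directory itself must be a strict child of the storage root.
    if user_root == base or not user_root.is_relative_to(base):
        raise PathEscapeError(f"bad user directory: {user_id!r}")
    # resolve() collapses ".." and follows existing symlinks, so the check
    # below sees the path the OS would actually write to. An absolute
    # filename replaces user_root in the join and is caught the same way.
    candidate = (user_root / filename).resolve()
    if candidate == user_root or not candidate.is_relative_to(user_root):
        raise PathEscapeError(f"{filename!r} escapes {user_root}")
    return candidate


def save_upload(base_dir, user_id, filename, data):
    """Write data only after the boundary check has passed."""
    target = resolve_in_user_dir(base_dir, user_id, filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()
    # Constructed sample names, not taken from the advisory.
    for name in ["notes.txt", "sub/notes.txt", "../other-user/notes.txt", "/tmp/notes.txt"]:
        try:
            print("OK     ", save_upload(root, "user-1", name, b"x"))
        except PathEscapeError as exc:
            print("BLOCKED", exc)
```

The check runs in the storage layer, so it holds even if filename validation at the API layer is bypassed. It needs Python 3.9 or later for `Path.is_relative_to`.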