Langflow-AI Code Injection Vulnerability in Lambda Filter Component

Vulnerability

A code injection vulnerability has been identified in Langflow-AI versions prior to 1.8.4. The issue resides in the LambdaFilterComponent, specifically in the eval() call in the lambda_filter.py file. The flaw allows remote code execution by manipulating the input processed by the Smart Transform feature, which lets users have the language model generate Python lambdas that are then executed without validation or sandboxing. It arises from a combination of inadequate input validation, the use of eval() without execution restrictions, and the possibility of prompt injection into the language model that produces the lambda.
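As an added illustration (not Langflow's code; the function names, the allowlists and the sample records are assumptions), the eval()-of-generated-text pattern the advisory describes, beside a hardened variant that checks the generated lambda's AST against an allowlist of syntax and names and then evaluates it with a builtins table containing nothing else:

```python
import ast
import builtins
from typing import Any, Callable

# Assumed allowlist (illustrative, not Langflow's): builtins a generated filter may call.
SAFE_NAMES = {"len", "str", "int", "float", "sorted", "min", "max", "abs", "round"}

# The only AST node types a filter lambda may contain. Deliberately absent: ast.Attribute
# (the usual route from a harmless object to interpreter internals), imports, await, walrus.
SAFE_NODES = (
    ast.Expression, ast.Lambda, ast.arguments, ast.arg, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.Subscript, ast.Slice, ast.Compare, ast.BoolOp, ast.BinOp, ast.UnaryOp,
    ast.IfExp, ast.Call, ast.ListComp, ast.comprehension, ast.List, ast.Tuple, ast.Dict,
    ast.And, ast.Or, ast.Not, ast.USub, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.In, ast.NotIn,
)

def build_filter_unsafe(source: str) -> Callable[[Any], Any]:
    """The pattern the advisory describes: model-generated text goes straight into eval()."""
    return eval(source)  # deliberately unsafe, shown for contrast only

def validate_lambda(source: str) -> ast.Expression:
    """Raise ValueError unless `source` is a lambda built only from SAFE_NODES whose
    free names are its own parameters, comprehension variables, or SAFE_NAMES."""
    tree = ast.parse(source, mode="eval")
    if not isinstance(tree.body, ast.Lambda):
        raise ValueError("top-level expression must be a lambda")
    bound = {a.arg for a in ast.walk(tree) if isinstance(a, ast.arg)}
    bound |= {n.id for n in ast.walk(tree) if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)}
    for node in ast.walk(tree):
        if not isinstance(node, SAFE_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load) and node.id not in bound | SAFE_NAMES:
            raise ValueError(f"unknown name: {node.id}")
        if isinstance(node, ast.Call) and not isinstance(node.func, ast.Name):
            raise ValueError("only direct calls to allowlisted names are permitted")
    return tree

def build_filter_safe(source: str) -> Callable[[Any], Any]:
    """Validate, then evaluate with a builtins table that holds nothing but SAFE_NAMES."""
    tree = validate_lambda(source)
    env = {"__builtins__": {n: getattr(builtins, n) for n in SAFE_NAMES}}
    return eval(compile(tree, "<filter>", "eval"), env, {})

def is_accepted(source: str) -> bool:
    # Convenience check: does the validator admit this generated lambda?
    try:
        validate_lambda(source)
        return True
    except (ValueError, SyntaxError):
        return False
```

The AST check and the stripped builtins are complementary: the first rejects attribute access and unknown names before anything runs, the second limits what the surviving code can reach even if the allowlist is later loosened.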

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Langflow is running.

Reproduction

To reproduce this vulnerability, first ensure that Langflow version 1.8.3 or earlier is installed. Create a new Flow and add the Smart Transform component. In the instructions field, inject a malicious payload designed to exploit the code execution flaw, such as a lambda that executes system commands or opens a reverse shell. Once the Flow is executed, the injected code will be executed on the server, demonstrating the vulnerability.

Remediation

Langflow users are advised to update to version 1.8.4 or later, where this vulnerability has been addressed.

Added: May 3, 2026, 3:17 PM
Updated: May 3, 2026, 3:17 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 10.0
exploitability: 5.6
remediation: 0.0
relevance: 7.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.