CVE-2024-37014 Information

Description

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the \POST /api/v1/custom_component\ endpoint and provide a Python script.

Reference

https://github.com/langflow-ai/langflow/issues/1973