CVE-2024-8181 – Flowise Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-8181
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. • https://tenable.com/security/research/tra-2024-33 • CWE-287: Improper Authentication •
CVE-2024-8182 – Flowise Denial of Service
https://notcve.org/view.php?id=CVE-2024-8182
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint. • https://tenable.com/security/research/tra-2024-34 • CWE-400: Uncontrolled Resource Consumption •