We use cookies to improve your experience on our site.
AVID-2026-R1524
Description
Vulnerability CVE-2024-42835
Details
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
Reason for inclusion in AVID: CVE-2024-42835 describes a remote code execution vulnerability in LangFlow’s PythonCodeTool (v1.0.12). LangFlow is used to build AI workflows and pipelines, making this a vulnerability in a software component commonly used to deploy/run AI systems. It directly affects AI tooling and could compromise AI pipelines, aligning with software supply chain risk in GPAI environments. The CVE evidence and references confirm the vulnerability and its impact.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-10-31
- Version: 0.3.3
- AVID Entry