| Title | langflow-ai langflow <=v1.0.18 Redos |
|---|
| Description | The following code in `langflow-1.0.18\src\backend\base\langflow\interface\utils.py` could lead to a ReDoS (Regular Expression Denial of Service) attack:
```
import re

# `.*?` in the first alternative rescans toward the end of the text for every unclosed `{{`
pattern = r"\{\{(.*?)\}\}|\{([^{}]+)\}"
while True:
    match = re.search(pattern, remaining_text)
```
`remaining_text` is the `prompt_request.template` parameter transmitted by the user via a POST method:
```
@router.post("/prompt", status_code=200, response_model=PromptValidationResponse)
def post_validate_prompt(prompt_request: ValidatePromptRequest):
    try:
        if not prompt_request.frontend_node:
            return PromptValidationResponse(
                input_variables=[],
                frontend_node=None,
            )
        # Process the prompt template using direct attributes
        # (`prompt_request.template` comes straight from the request body)
        input_variables = process_prompt_template(
            template=prompt_request.template,
            name=prompt_request.name,
            custom_fields=prompt_request.frontend_node.custom_fields,
            frontend_node_template=prompt_request.frontend_node.template,
        )
        return PromptValidationResponse(
            input_variables=input_variables,
            frontend_node=prompt_request.frontend_node,
        )
    except Exception as e:
        logger.exception(e)
        raise HTTPException(status_code=500, detail=str(e)) from e
```
|
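Added example, not code from the langflow project or from the submission above: it reconstructs the quoted `while True: re.search(...)` loop around the quoted pattern (the loop body is an assumption, since only three lines are on the page), builds a constructed hostile template of unclosed braces, and times the original pattern against a hardened variant. The hardened pattern (`[^{}]*` in place of `.*?`), the `MAX_TEMPLATE_LEN` cap and every function name here are assumptions of this example, not langflow's fix.

```python
import re
import time

# Pattern as quoted from langflow 1.0.18 utils.py in the description above.
ORIGINAL_PATTERN = re.compile(r"\{\{(.*?)\}\}|\{([^{}]+)\}")

# Hardened variant (assumption of this example, not langflow's fix): with
# `[^{}]*` an unclosed `{{` fails at the next brace instead of lazily
# scanning to the end of the text, so the work per search position is
# bounded and the whole search stays roughly linear in the template length.
HARDENED_PATTERN = re.compile(r"\{\{([^{}]*)\}\}|\{([^{}]+)\}")

# Hypothetical size cap applied before any regex work; the page does not
# say what limit, if any, langflow enforces on the template field.
MAX_TEMPLATE_LEN = 10_000


def extract_variables(template, pattern=ORIGINAL_PATTERN):
    """Reconstruction of the quoted search loop (loop body assumed):
    take the captured name from whichever alternative matched and
    continue after the match until no further match is found."""
    variables = []
    remaining_text = template
    while True:
        match = pattern.search(remaining_text)
        if match is None:
            break
        name = match.group(1) if match.group(1) is not None else match.group(2)
        name = name.strip()
        if name and name not in variables:
            variables.append(name)
        remaining_text = remaining_text[match.end():]
    return variables


def hardened_extract_variables(template):
    """Reject oversized input first, then use the bounded pattern."""
    if len(template) > MAX_TEMPLATE_LEN:
        raise ValueError(f"template longer than {MAX_TEMPLATE_LEN} characters")
    return extract_variables(template, HARDENED_PATTERN)


def hostile_template(n):
    """Constructed input: n opening braces and no closing pair. With the
    original pattern every position starts a `{{` whose `.*?` runs to the
    end of the text before failing, so a single failing search costs
    about n*n/2 steps."""
    return "{" * n


def time_extraction(template, pattern):
    """Seconds spent extracting variables from `template` with `pattern`."""
    start = time.perf_counter()
    extract_variables(template, pattern)
    return time.perf_counter() - start


if __name__ == "__main__":
    benign = "Answer in {language}: {{question}} about {topic}"
    print(extract_variables(benign))  # ['language', 'question', 'topic']
    print(hardened_extract_variables(benign))
    # Doubling n roughly quadruples the original pattern's time.
    for n in (2_000, 4_000, 8_000):
        t_orig = time_extraction(hostile_template(n), ORIGINAL_PATTERN)
        t_hard = time_extraction(hostile_template(n), HARDENED_PATTERN)
        print(f"n={n:6d}  original={t_orig:.3f}s  hardened={t_hard:.4f}s")
```

The hardened pattern changes one edge case: a double-brace placeholder whose body itself contains braces (such as `{{ a {b} }}`) is captured whole by the original pattern but only yields `b` with the bounded one, so whether that trade-off is acceptable depends on which template syntax the endpoint is meant to accept. The length cap is the cheaper and more general control, since it bounds the worst case of whatever pattern is used.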
|---|
| Source | https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4 |
|---|
| User | HRP_0 (UID 75007) |
|---|
| Submission | 09/18/2024 07:38 (2 years ago) |
|---|
| Moderation | 09/27/2024 07:32 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 278659 [Langflow up to 1.0.18 HTTP POST Request utils.py remaining_text redos] |
|---|
| Points | 17 |
|---|