7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-8182

GHSA ID

GHSA-48x4-mx8f-gr4h

EPSS Score

0.266%

CWE

CWE-400

Published

8/27/2024

Updated

8/27/2024

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-8182

CVE-2024-8182: Flowise Unauthenticated Denial of Service (DoS) vulnerability

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the /api/v1/get-upload-file api endpoint.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-8182

CVE-2024-8182:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-8182

GHSA ID

GHSA-48x4-mx8f-gr4h

EPSS Score

0.266%

CWE

CWE-400

Published

8/27/2024

Updated

8/27/2024

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
flowise	npm	<= 1.8.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

While no explicit code is available, the vulnerability centers on improper input handling in the /api/v1/get-upload-file endpoint. In Express.js applications, this would map to a route handler function. The CWE-400 classification suggests uncontrolled resource consumption, likely from processing malicious upload requests without validation. Confidence is medium due to lack of direct code references, but the endpoint mapping and vulnerability pattern strongly indicate the route handler as the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-8182: Flowise Unauthenticated Denial of Service (DoS) vulnerability

CVE-2024-8182:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

7.5

Technical Details

CVE-2024-8182: Flowise Unauthenticated Denial of Service (DoS) vulnerability

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI