Flowise · Flowise · CVE-2025-8943
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.1
Description: Flowise, a software platform for building user interfaces over language models (LLMs), is missing an authentication check on a critical function. Remote, unauthenticated attackers can execute arbitrary operating system commands through the Custom MCPs feature, which is designed to run OS commands using tools such as `npx`; because those commands are executed unsandboxed, the missing check amounts to unauthenticated, unsandboxed OS command execution. Flowise's built-in authentication and authorization model is minimal and lacks role-based access controls (RBAC). Active exploitation of this issue has been detected.
Recommendations: Update Flowise to version 3.0.1 or later.