flowise@1.3.2

Flowiseai Server

  • latest version

    3.1.2

  • first published

    3 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the flowise package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • H
    Incorrect Authorization

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Incorrect Authorization through the getChatflowByApiKey handler in the chatflow API and the getChatflowByApiKey query in the chatflow service. An attacker can retrieve chatflows from other workspaces by supplying a valid API key and requesting chatflow data without being constrained to the key’s workspace. This exposes chatflow definitions and related metadata to unauthorized users, allowing them to read configuration and workflow details belonging to other workspaces.

    Notes

    • The disclosure is broader in deployments where chatflows are left unassigned to any API key: the vulnerable query includes both apikeyid IS NULL and empty-string apikeyid records, so those “public” chatflows from other workspaces are returned alongside the caller’s own.
    • The returned ChatFlow entities expose more than names or IDs; the advisory’s impact is driven by fields such as flowData, chatbotConfig, apiConfig, and TTS/STT configuration being included in the response.
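    The query shape described in the two notes above, as an added example (not Flowise's own code). The rows, key ids and workspace ids are constructed; the field names (apikeyid, workspaceId, flowData, chatbotConfig, apiConfig) follow the advisory. The vulnerable lookup matches on the key alone and also sweeps in NULL and empty-string apikeyid rows from every workspace; the scoped version ANDs every predicate with the workspace the key belongs to and returns a trimmed view instead of the full entity.

```javascript
// Added example, not Flowise code. Constructed sample rows; two workspaces, ws-A and ws-B.
const chatflows = [
  { id: 'cf-1', name: 'Support bot', workspaceId: 'ws-A', apikeyid: 'key-A1', flowData: '{...A1}', chatbotConfig: '{"theme":"a"}', apiConfig: null },
  { id: 'cf-2', name: 'Internal HR', workspaceId: 'ws-B', apikeyid: null,     flowData: '{...B1}', chatbotConfig: null, apiConfig: '{"secretHeader":"x"}' },
  { id: 'cf-3', name: 'Finance',     workspaceId: 'ws-B', apikeyid: '',       flowData: '{...B2}', chatbotConfig: null, apiConfig: null },
  { id: 'cf-4', name: 'Marketing',   workspaceId: 'ws-A', apikeyid: null,     flowData: '{...A2}', chatbotConfig: null, apiConfig: null },
];

// Vulnerable shape: "belongs to this key OR is unassigned", with no workspace bound.
// Rows cf-2 and cf-3 (workspace ws-B) come back for a ws-A key.
function findByApiKeyVulnerable(rows, apiKeyId) {
  return rows.filter(r => r.apikeyid === apiKeyId || r.apikeyid === null || r.apikeyid === '');
}

// Hardened: the workspace the key was issued for bounds every branch of the predicate.
// keyWorkspaceId must come from the API key record on the server, never from the request.
function findByApiKeyScoped(rows, apiKeyId, keyWorkspaceId) {
  return rows.filter(r =>
    r.workspaceId === keyWorkspaceId &&
    (r.apikeyid === apiKeyId || r.apikeyid === null || r.apikeyid === '')
  );
}

// Project only what an API-key caller needs; flowData, apiConfig and the TTS/STT
// settings stay on the server side.
function toApiView(row) {
  return { id: row.id, name: row.name };
}

function lookupChatflowsForKey(apiKeyId, keyWorkspaceId) {
  return findByApiKeyScoped(chatflows, apiKeyId, keyWorkspaceId).map(toApiView);
}
```

The same fix applies to whatever ORM query backs the service: the workspace condition has to be part of the WHERE clause, not applied afterwards to a result set that already crossed the tenant boundary.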

    How to fix Incorrect Authorization?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • M
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updateAssistant and createAssistant handlers in the assistant service. An attacker can reassign an assistant to a different workspace or overwrite server-managed fields by sending a crafted update or create request with properties such as workspaceId, id, or timestamp fields. This lets the attacker take control of assistant records outside their intended workspace, exposing, corrupting, or detaching assistant data from the user’s organization.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • M
    Permissive Cross-domain Policy with Untrusted Domains

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains through the generateTextToSpeech handler in the text-to-speech endpoint. An attacker can make a victim’s browser send authenticated requests from any webpage by calling the TTS generate API, causing the browser to accept the response under a wildcard CORS policy. This lets an untrusted site invoke the text-to-speech endpoint using the user’s credentials and read the resulting stream, exposing the generated audio and any data returned by the request to the attacker.

    Notes

    • The bypass is specific to the TTS generate route because it carries chatflowId in the request body rather than the URL path, so origin checks that only inspect path-based chatflow routes do not cover this endpoint.
    • The hardcoded wildcard applies even when the server’s configured CORS allowlist is restrictive, so deployments relying on getCorsOptions() for origin control are still exposed on this route.
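    The route-level decision the notes describe, as an added example rather than Flowise's own code. The server allow-list, the per-chatflow embed origins, the chatflow id and the origins used are all constructed. The vulnerable function emits a wildcard regardless of configuration; the hardened one pulls chatflowId out of the JSON body, validates it before using it as a lookup key, and then makes the same origin decision a path-based chatflow route would.

```javascript
// Added example, not Flowise code. All identifiers and origins are constructed.
const SERVER_ALLOWLIST = ['https://app.example.test'];
// Per-chatflow embed origins, the data a path-based /:chatflowId route would consult.
const CHATFLOW_ORIGINS = {
  '7a1c2e4f-1111-4a2b-8c3d-0123456789ab': ['https://widget.example.test'],
};
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Vulnerable: a hardcoded wildcard that ignores whatever getCorsOptions() was configured with.
function ttsCorsVulnerable(req) {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Hardened: the chatflow id is read from the body (this route has none in the path),
// validated, and the origin is checked against server + chatflow allow-lists.
// Returns the CORS headers to send, or null when the caller must answer without them.
function ttsCorsHardened(req, serverAllowlist = SERVER_ALLOWLIST, chatflowOrigins = CHATFLOW_ORIGINS) {
  const origin = req.headers && req.headers.origin;
  if (typeof origin !== 'string') return null;             // not a cross-origin browser request
  const chatflowId = req.body && req.body.chatflowId;
  if (typeof chatflowId !== 'string' || !UUID_RE.test(chatflowId)) return null;
  const permitted = new Set([...serverAllowlist, ...(chatflowOrigins[chatflowId] || [])]);
  if (!permitted.has(origin)) return null;                  // answer 403, no CORS headers
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}
```

Whether a third-party page can actually read the response also depends on how the credential travels: browsers refuse a literal `*` for cookie-credentialed requests, so test the fixed route with both cookie sessions and API-key headers before closing the ticket.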

    How to fix Permissive Cross-domain Policy with Untrusted Domains?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • M
    Access Control Bypass

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Access Control Bypass via the POST /api/v1/account/login and POST /api/v1/account/invite endpoints. An attacker can obtain the bcrypt password hash, tempToken, and tokenExpiry of arbitrary accounts, including privileged ones.

    Note:

    This issue is due to incomplete fix for CVE-2025-58434.

    How to fix Access Control Bypass?

    There is no fixed version for flowise.

    *
    • H
    Missing Authorization

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Missing Authorization on the /api/v1/openai-assistants-vector-store API. Any user can manipulate, delete, or exfiltrate data by sending authenticated requests to the affected endpoints without proper permission checks.

    How to fix Missing Authorization?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/variables endpoint. A user can modify internal attributes such as workspaceId, createdDate, and updatedDate by including them in the request body, resulting in unauthorized reassignment of resources across workspaces and potential bypass of tenant isolation in multi-workspace environments.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over data across different workspaces by supplying JSON bodies that overwrite ownership fields such as workspaceId or id during create or update operations. This allows the attacker to move dataset rows between workspaces they do not belong to, exposing sensitive data to unintended parties and breaking workspace isolation. This is only exploitable if the attacker is an authenticated user with edit permissions for the target dataset row and can enumerate or guess valid workspace UUIDs.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/v1/tools endpoint when the server fails to validate and restrict client-supplied fields in the request body. An attacker can modify sensitive fields such as workspaceId, createdDate, and updatedDate by including them in the request, resulting in unauthorized reassignment of resources across workspaces and manipulation of metadata. This is only exploitable if the deployment is configured for multi-tenant or multi-workspace environments.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • M
    Insufficiently Protected Credentials

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the credentialName filter parameter of the credentials API endpoint. An attacker can retrieve encryptedData, which contains encrypted credential material such as API keys, passwords, and tokens, by making authenticated requests that include this filter. If the attacker also obtains the encryption key file, they can fully decrypt the credentials.

    How to fix Insufficiently Protected Credentials?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes over the /api/v1/chatflows endpoint. A user can gain unauthorized access to and modify sensitive attributes, such as deployment status, visibility, workspace assignment, and metadata, by including additional fields in the request body, such as:

    • deployed

    • isPublic

    • workspaceId

    • createdDate

    • updatedDate

    • category

    • type

    This enables cross-workspace resource reassignment and unauthorized changes to deployment and visibility settings.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • C
    Arbitrary Code Injection

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute commands on the server by submitting malicious JavaScript that escapes the sandbox and reaches the host process object, from which a child_process can be spawned. This vulnerability only occurs when E2B_APIKEY is not set, which is the default.

    How to fix Arbitrary Code Injection?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the PUT /api/v1/assistants/{assistantId} endpoint, when the server fails to validate and restrict modifications to server-controlled fields in the request body. An attacker can reassign resources across workspaces and alter internal metadata by submitting crafted JSON payloads containing unauthorized fields.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Brute Force

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Brute Force due to the use of the checkBasicAuth() function for checking credentials. An attacker can enumerate valid credentials by sending repeated authentication attempts without restriction, exploiting the lack of rate limiting and plaintext credential comparison.

    How to fix Brute Force?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to datasets across different workspaces by supplying crafted values for sensitive fields such as workspaceId or id in API requests. This allows the attacker to move datasets between workspaces, exposing sensitive data to unauthorized users and causing loss of access for the original workspace. This is only exploitable if the attacker is an authenticated user with edit permissions for a dataset and can enumerate or guess valid workspace UUIDs.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over assistants across different workspaces by supplying crafted JSON bodies that overwrite the workspaceId field during assistant creation or update. This allows the attacker to move assistants between workspaces they do not belong to, exposing sensitive configuration and credentials to unauthorized users. This is only exploitable if the attacker is an authenticated user with permission to update or create assistants and can enumerate target workspace UUIDs.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over evaluation data across different workspaces by supplying crafted JSON bodies that overwrite ownership fields such as workspaceId or id during entity creation or update. This allows the attacker to move evaluations between workspaces, exposing sensitive data to unauthorized users and breaking workspace isolation. This is only exploitable if the attacker is an authenticated user with permission to update or create evaluations and can enumerate or guess valid workspace UUIDs.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other workspaces by supplying crafted values for sensitive fields such as workspaceId or id in the request body. This is only exploitable if the attacker is an authenticated user with permission to update a custom template and can enumerate or guess valid workspace UUIDs.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other workspaces by supplying crafted values for sensitive fields such as workspaceId or id in the request body. This is only exploitable if the attacker is an authenticated user with permission to update or create an evaluator entity.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Incomplete List of Disallowed Inputs

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassing command flag blacklists and local file access restrictions through crafted arguments to the MCP interface. This is only exploitable if the attacker has an account or API access with view and update permissions for chatflows, and the deployment environment has the required commands (such as docker or npx) available.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade flowise to version 3.1.2 or higher.

    <3.1.2
    • H
    Missing Authorization

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Missing Authorization in the /api/v1/public-chatbotConfig/:id endpoint in chatbotConfig. An attacker can access sensitive credentials, including API keys and authorization headers, by sending unauthenticated requests with knowledge of a chatflow UUID.

    How to fix Missing Authorization?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • H
    Arbitrary File Upload

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary File Upload in the createAttachment in Chatflow. An attacker can upload and persistently store malicious JavaScript files on the server by bypassing MIME type validation, which may lead to the execution of arbitrary code if the uploaded file is triggered.

    How to fix Arbitrary File Upload?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • H
    Missing Authentication for Critical Function

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the public-chatbotConfig and oauth2-credential/refresh endpoints. An attacker can obtain OAuth 2.0 access tokens for third-party services by retrieving internal workflow data and refreshing credentials without authentication. This is only exploitable if a self-hosted instance is configured with public chatflows that use OAuth 2.0 credentials.

    How to fix Missing Authentication for Critical Function?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • M
    Use of Hard-coded Credentials

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the weak default TOKEN_HASH_SECRET. An attacker can access sensitive internal identifiers by decrypting the meta field in JWT tokens when the default secret is used, potentially enabling privilege escalation or unauthorized data access by manipulating token metadata.

    How to fix Use of Hard-coded Credentials?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • M
    Use of Hard-coded Credentials

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to the use of a weak default value for the secret parameter in session management when the EXPRESS_SESSION_SECRET environment variable is not set. An attacker can impersonate any user and bypass authentication by forging valid session cookies.

    How to fix Use of Hard-coded Credentials?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • C
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the account registration endpoint. An attacker can manipulate server-managed fields and associate new accounts with existing organizations by injecting additional fields and nested objects in the registration request.

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • M
    Cleartext Transmission of Sensitive Information

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information through the AccountService in account.service.ts. When a deployment sets APP_URL to an http:// origin, the password reset, verification, registration, and invite emails contain http:// links, so token-bearing URLs are sent over plaintext transport. Those links expose reset, verification, and registration tokens to interception or tampering before the user follows them, potentially leading to account takeover or unauthorized access to the workspace.

    Workarounds

    • Set APP_URL to an https:// origin before sending password reset, verification, registration, or invite emails so token-bearing links are not generated over plaintext HTTP.

    How to fix Cleartext Transmission of Sensitive Information?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • H
    Server-side Request Forgery (SSRF)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the getHttpDenyList process in httpSecurity.ts. The deny list is not applied to requests made directly with the built-in http, https, or net modules, so an attacker can reach internal or otherwise denied HTTP endpoints through code paths that use those modules. This leaves deployments exposed to server-side request forgery against services that operators expected to be blocked, allowing access to internal network resources and any data or actions those endpoints expose.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • C
    Partial String Comparison

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a prediction request. This lets the attacker inject overrides for restricted inputs, including file-backed inputs, into the runtime flow and alter how the server processes the request.

    Notes

    • The RCE path in the maintainer's advisory depends on NODE_OPTIONS being accepted inside the overridden mcpServerConfig.
    • The bypass only matters when API Override is enabled on a publicly reachable chatflow, because that is what allows request-supplied override JSON to reach the parameter-merging logic.

    Workarounds

    • Disable API Override for chatflows that do not need user-supplied configuration overrides, so attackers cannot supply crafted overrideConfig values to bypass parameter restrictions.
    • Keep the chatflow private instead of making it public, so unauthenticated users cannot send the single-request payload needed to reach the override path.
    • Remove or avoid Custom MCP nodes in exposed chatflows, so attackers cannot use mcpServerConfig overrides to inject NODE_OPTIONS and execute arbitrary commands.
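    The class of mistake behind this entry, illustrated with an added example that does not reproduce Flowise's replaceInputsWithConfig: an override is accepted when an allowed input name merely contains or is contained in the requested key, so a request key that is a prefix of an allowed name slips through. The node inputs, the allow-list names (including the contrived mcpServerConfigTimeout and txtFileEncoding entries that make the partial match bite) and the override payload are all constructed. The hardened merge requires an exact key match, refuses file-backed and never-overridable inputs outright, rejects object-for-scalar swaps, and honours the API Override switch from the workaround list.

```javascript
// Added example, not Flowise code. Constructed node inputs and allow-lists.
const nodeInputs = {
  llm:    { temperature: 0.7, model: 'm-small' },
  mcp:    { mcpServerConfig: { command: 'node', args: ['server.js'], env: {} } },
  loader: { txtFile: 'uploads/policy.txt' },
};
// Inputs a request may override, per node (constructed; the "…Timeout"/"…Encoding"
// names exist only to show how a prefix of an allowed name passes a partial match).
const allowedOverrides = {
  llm: ['temperature'],
  mcp: ['mcpServerConfigTimeout'],
  loader: ['txtFileEncoding'],
};
const NEVER_OVERRIDE = new Set(['mcpServerConfig']);
function isFileBackedInput(name) { return /File$/.test(name); }

// Vulnerable: substring match in either direction instead of equality.
function applyOverridesVulnerable(inputs, allowed, override) {
  const out = JSON.parse(JSON.stringify(inputs));
  for (const [nodeId, node] of Object.entries(out)) {
    const names = allowed[nodeId] || [];
    for (const key of Object.keys(override)) {
      if (names.some(a => key.includes(a) || a.includes(key))) node[key] = override[key];
    }
  }
  return out;
}

// Hardened: exact key, existing input, not restricted, same primitive type, switch honoured.
function applyOverridesHardened(inputs, allowed, override, { apiOverrideEnabled = true } = {}) {
  const out = JSON.parse(JSON.stringify(inputs));
  const rejected = [];
  if (!apiOverrideEnabled) return { inputs: out, rejected: Object.keys(override) };
  for (const key of Object.keys(override)) {
    let applied = false;
    for (const [nodeId, node] of Object.entries(out)) {
      const names = allowed[nodeId] || [];
      if (!names.includes(key)) continue;
      if (!Object.prototype.hasOwnProperty.call(node, key)) continue;
      if (NEVER_OVERRIDE.has(key) || isFileBackedInput(key)) continue;
      if (typeof node[key] !== typeof override[key] || typeof override[key] === 'object') continue;
      node[key] = override[key];
      applied = true;
    }
    if (!applied) rejected.push(key);
  }
  return { inputs: out, rejected };
}
```

Log the rejected list: a prediction request carrying mcpServerConfig or a *File key in overrideConfig is worth an alert on its own.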

    How to fix Partial String Comparison?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • M
    Use of a Broken or Risky Cryptographic Algorithm

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting valid JWTs using publicly known default secrets. This is only exploitable if the environment variables for JWT secrets are not explicitly set and the application is deployed with default values.

    How to fix Use of a Broken or Risky Cryptographic Algorithm?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • C
    Arbitrary Code Injection

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the customReadCSVFunc process. An attacker can execute arbitrary code on the server by supplying malicious input that is interpolated and executed without proper sanitization. This is only exploitable if the attacker is authenticated or can bypass authentication by providing the "x-request-from: internal" header when FLOWISE_USERNAME and FLOWISE_PASSWORD are not set.

    How to fix Arbitrary Code Injection?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • C
    Incomplete List of Disallowed Inputs

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the Airtable_Agents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by crafting malicious prompts or responses that bypass input validation, leading to the execution of system commands with the privileges of the server process. This can be achieved by sending specially crafted requests to chatflows using the Airtable Agent node, or by configuring a chatflow to use an attacker-controlled server or Airtable table.
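    This entry and the customReadCSVFunc entry above are the same mistake in two places: untrusted text is spliced into source code and then executed. The added example (not Flowise's code) shows it on a deliberately tiny CSV helper, with a constructed file and a constructed column name that closes the string literal, runs an expression, and reopens a lookup so the output is unchanged while a side effect has happened. The real bug ran inside NodeVM; this sample uses plain `new Function` so it runs offline, and the lesson is the same: user input travels as data, never as source, and an allow-list against the header turns an unknown column into an error.

```javascript
// Added example, not Flowise code. Constructed CSV and a tiny parser for it.
const SAMPLE_CSV = 'name,dept,salary\nalice,eng,100\nbob,ops,90\n';

function parseCsv(text) {
  const [head, ...rows] = text.trim().split('\n').map(l => l.split(','));
  return rows.map(r => Object.fromEntries(head.map((h, i) => [h, r[i]])));
}

// Vulnerable: the column name becomes part of the program text.
function selectColumnVulnerable(csv, column) {
  const src = `return rows.map(r => r["${column}"]);`;
  return new Function('rows', src)(parseCsv(csv));
}

// Hardened: static program text, the column is an argument, and it must name a
// real header. (A plain rows.map(r => r[column]) is better still; the compiled
// form is kept only to show that if you must compile, the source is constant.)
function selectColumnHardened(csv, column) {
  const rows = parseCsv(csv);
  const header = rows.length ? Object.keys(rows[0]) : [];
  if (!header.includes(column)) throw new Error(`unknown column ${JSON.stringify(column)}`);
  const select = new Function('rows', 'col', 'return rows.map(r => r[col]);');
  return select(rows, column);
}

// A column name that breaks out of the string literal, runs an expression, and
// leaves the visible result identical to the honest query.
const INJECTED_COLUMN = 'name"] + (globalThis.__injected = 1, {x:""})["x';
```

For the LLM-generated-script case (Airtable_Agents), there is no safe way to interpolate: the generated code must run in an isolated process or container with no network or filesystem it does not need, and the result parsed, never eval'd, back in the server.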

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade flowise to version 3.1.0 or higher.

    <3.1.0
    • H
    Authorization Bypass Through User-Controlled Key

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the LoginMethodController implementation. An attacker can overwrite another organization’s SSO/OAuth configuration and potentially take over enterprise logins by sending an authenticated crafted request that specifies a target organizationId.

    How to fix Authorization Bypass Through User-Controlled Key?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • H
    Access Control Bypass

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Access Control Bypass in the middleware that processes requests to /api/v1 endpoints. An attacker can gain unauthorized access to internal administration APIs by spoofing the x-request-from header as 'internal' while possessing a valid session cookie. This allows privilege escalation, including actions such as creating API keys, accessing credential stores, and executing custom functions.

    How to fix Access Control Bypass?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • C
    Arbitrary File Upload

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary File Upload via the /api/v1/attachments/:chatflowId/:chatId endpoint, which allows unauthenticated file uploads by trusting the client-supplied MIME type without verifying the actual file content or extension. An attacker can upload arbitrary files, including executable scripts or web shells, by spoofing the Content-Type header, potentially leading to remote code execution or client-side attacks such as stored script execution when files are accessed.

    How to fix Arbitrary File Upload?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • C
    Improperly Controlled Modification of Dynamically-Determined Object Attributes

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the Object.assign function. An attacker can manipulate internal entity fields such as id, createdDate, and chatId by including them in the request body to the /api/v1/leads endpoint, thereby bypassing server-side auto-generation and validation. This allows unauthorized users to control sensitive attributes, potentially leading to data integrity violations, audit trail manipulation, and business logic bypasses by sending crafted requests to the public API endpoint.
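    One fix serves every Object.assign entry on this page (chatflows, tools, variables, assistants, datasets and dataset rows, evaluations, evaluators, custom templates, account registration, and leads here): replace `Object.assign(entity, req.body)` with a schema-driven pick. The added example below is not Flowise's code. The schema, entity and request body are constructed; the field names follow the advisories (workspaceId, id, createdDate, updatedDate, deployed, isPublic, chatId). The pick only copies keys the schema declares, checks each value's primitive type so a nested object cannot be smuggled into a string field (the registration entry's nested-object case), and reports what it dropped so the handler can return 400 or log it. Ownership and timestamps are set by the server after the pick.

```javascript
// Added example, not Flowise code. Constructed schema for a chatflow update.
const CHATFLOW_WRITABLE = {
  name: 'string',
  flowData: 'string',
  chatbotConfig: 'string',
  category: 'string',
};

function typeOf(v) {
  if (v === null) return 'null';
  if (Array.isArray(v)) return 'array';
  return typeof v;
}

// Copies only declared keys of the declared type; everything else lands in `rejected`.
function pickWritable(body, schema) {
  const value = Object.create(null);
  const rejected = [];
  if (typeOf(body) !== 'object') return { value, rejected: ['<body is not an object>'] };
  for (const key of Object.keys(body)) {
    // JSON.parse can yield an own "__proto__" key; never forward it.
    if (key === '__proto__' || !Object.prototype.hasOwnProperty.call(schema, key)) { rejected.push(key); continue; }
    if (typeOf(body[key]) !== schema[key]) { rejected.push(key); continue; }
    value[key] = body[key];
  }
  return { value, rejected };
}

// Vulnerable: whatever the client sent lands on the entity.
function updateVulnerable(entity, body) {
  return Object.assign({ ...entity }, body);
}

// Hardened: declared fields only; workspaceId, id and createdDate are never
// touched, updatedDate is set by the server.
function updateHardened(entity, body, schema, now = new Date('2025-01-01T00:00:00Z')) {
  const { value, rejected } = pickWritable(body, schema);
  const updated = { ...entity, ...value, updatedDate: now };
  return { updated, rejected };
}

// Create follows the same rule: the caller's workspace comes from the session.
function createHardened(body, schema, sessionWorkspaceId, newId, now = new Date('2025-01-01T00:00:00Z')) {
  const { value, rejected } = pickWritable(body, schema);
  const entity = { ...value, id: newId, workspaceId: sessionWorkspaceId, createdDate: now, updatedDate: now };
  return { entity, rejected };
}
```

Declare one schema per entity and keep it next to the handler; a field that is absent from it is unwritable by definition, which is the property Object.assign never gave you.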

    How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • H
    Missing Authentication for Critical Function

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the WHITELIST_URLS configuration, which allows unauthenticated access to privileged endpoints under /api/v1/nvidia-nim/*. An attacker can obtain valid NVIDIA API tokens, manipulate container runtimes, and access sensitive information by sending unauthenticated requests to these endpoints.
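    This entry and the x-request-from entry above are two ways an authentication gate can be argued past: a client-settable header that marks a request "internal", and a whitelist that matches by path prefix so every route under the prefix, privileged or not, becomes unauthenticated. The added example (not Flowise's middleware) models both; the route names, prefixes and UUID are constructed. The hardened gate deletes the header before anything downstream can see it, normalises the path, and matches whitelisted routes with anchored patterns that name the public route and its parameter shape exactly.

```javascript
// Added example, not Flowise code. Constructed whitelist data and route names.
const WHITELIST_PREFIXES_VULN = ['/api/v1/public-', '/api/v1/nvidia-nim/'];

// Anchored patterns: the public route and only the public route.
const WHITELIST_ROUTES = [
  /^\/api\/v1\/public-chatbotConfig\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,
  /^\/api\/v1\/ping$/,
];

function isAuthenticated(req) { return Boolean(req.session && req.session.userId); }

// Vulnerable gate: trusts a request header and a prefix match.
function gateVulnerable(req) {
  if (req.headers['x-request-from'] === 'internal') return 'allow';
  if (WHITELIST_PREFIXES_VULN.some(p => req.path.startsWith(p))) return 'allow';
  return isAuthenticated(req) ? 'allow' : 'deny';
}

// Decode once, collapse . and .., drop empty segments and trailing slash.
function normalizePath(p) {
  let decoded;
  try { decoded = decodeURIComponent(p); } catch { return '/__invalid__'; }
  const parts = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { parts.pop(); continue; }
    parts.push(seg);
  }
  return '/' + parts.join('/');
}

// Hardened gate: the header is not a credential, so it is removed; whitelist by exact route.
function gateHardened(req) {
  delete req.headers['x-request-from'];
  const p = normalizePath(req.path);
  if (WHITELIST_ROUTES.some(re => re.test(p))) return 'allow';
  return isAuthenticated(req) ? 'allow' : 'deny';
}
```

If some code path genuinely needs an "internal" marker, set it on the request object from server code (a flag only in-process callers can set), never from anything that arrived over the socket.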

    How to fix Missing Authentication for Critical Function?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • H
    Insertion of Sensitive Information Into Sent Data

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the /api/v1/account/forgot-password endpoint. An attacker can obtain sensitive user information, including identifiers, names, email addresses, account status, and timestamps, by sending an unauthenticated password reset request.

    How to fix Insertion of Sensitive Information Into Sent Data?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • M
    Use of Password Hash With Insufficient Computational Effort

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash() function. An attacker can significantly reduce the time required to crack password hashes by performing brute-force attacks if they gain access to the hashed passwords.
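    The cost factor is visible in every stored bcrypt string, so a database can be audited for this entry without the bcrypt library. The added example (not Flowise's getHash()) parses the modular-crypt layout ($2a$/$2b$/$2y$, two-digit cost, 22-character salt, 31-character digest), flags hashes below a chosen minimum, and gives the relative effort between two costs. The hashes in the test are constructed to be syntactically valid only; the page does not state which cost Flowise used, so the minimum is a parameter.

```javascript
// Added example, not Flowise code. bcrypt modular-crypt format parser for auditing.
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{53})$/;

function parseBcrypt(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;
  return { variant: m[1], cost: Number(m[2]), salt: m[3].slice(0, 22), digest: m[3].slice(22) };
}

// Each +1 in cost doubles the work: cost 10 -> 12 is 4x for the attacker and for you.
function relativeEffort(costA, costB) { return 2 ** (costB - costA); }

// userId -> hash map in, lists of weak and malformed entries out.
function auditHashes(hashes, { minCost = 12 } = {}) {
  const weak = [];
  const malformed = [];
  for (const [userId, hash] of Object.entries(hashes)) {
    const p = parseBcrypt(hash);
    if (!p) { malformed.push(userId); continue; }
    if (p.cost < minCost) weak.push({ userId, cost: p.cost, speedup: relativeEffort(p.cost, minCost) });
  }
  return { weak, malformed };
}

// Decide at login time whether the verified password should be re-hashed at the current cost.
function needsRehash(hash, { minCost = 12 } = {}) {
  const p = parseBcrypt(hash);
  return p === null || p.cost < minCost;
}
```

Upgrading the cost only affects new hashes; pair the audit with a rehash-on-successful-login path (needsRehash above, then the library's hash call at the new cost) so existing users migrate without a forced reset.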

    How to fix Use of Password Hash With Insufficient Computational Effort?

    Upgrade flowise to version 3.0.13 or higher.

    <3.0.13
    • H
    Insufficient Session Expiration

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate active session tokens after a password change. An attacker can maintain unauthorized access by continuing to use a previously established session even after the legitimate user updates their credentials.

    How to fix Insufficient Session Expiration?

    Upgrade flowise to version 3.0.10 or higher.

    <3.0.10
    • H
    Unverified Password Change

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the email address associated with an account without additional verification steps.

    Note: This is only exploitable if the attacker gains initial access to the account.

    How to fix Unverified Password Change?

    Upgrade flowise to version 3.0.10 or higher.

    <3.0.10
    • H
    Unverified Password Change

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the authentication password without additional verification steps.

    Note: This is only exploitable if the attacker gains initial access to the account.

    How to fix Unverified Password Change?

    Upgrade flowise to version 3.0.10 or higher.

    <3.0.10
    • H
    Arbitrary Command Injection

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters. An authenticated attacker can execute arbitrary code on the host system by creating or running a tool that leverages these modules and specifying malicious executable paths or parameters, thereby bypassing intended sandbox restrictions.

    Note: When using versions vulnerable to CVE-2025-26319, an attacker can bypass the need for authentication.

    How to fix Arbitrary Command Injection?

    Upgrade flowise to version 3.0.8 or higher.

    <3.0.8
    • M
    Directory Traversal

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Directory Traversal via the WriteFile and ReadFile tools. An attacker can gain full control over the server, including executing arbitrary commands, by supplying crafted file paths that allow writing files to any location on the file system.

    How to fix Directory Traversal?

    Upgrade flowise to version 3.0.8 or higher.

    <3.0.8
    • H
    Arbitrary File Upload

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload process. An attacker can store malicious files on the server by uploading files without proper validation of file type, extension, or content. This can result in the persistent presence of executable scripts, which may be triggered later to execute arbitrary commands on the server.

    How to fix Arbitrary File Upload?

    Upgrade flowise to version 3.0.8 or higher.

    <3.0.8
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient filtering of user input in web application components such as the chat box and agent workflow processes. An attacker can execute arbitrary JavaScript code in the victim's browser by injecting malicious scripts, potentially leading to theft of sensitive information such as cookies when a user interacts with crafted content.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the workflow UI View Messages feature in the admin panel. An attacker can execute arbitrary JavaScript in the context of an administrator's browser by injecting a specially crafted payload through message input, leading to credential theft and exposure of sensitive information stored in localStorage.

    How to fix Cross-site Scripting (XSS)?

    Upgrade flowise to version 2.2.7-patch.1 or higher.

    <2.2.7-patch.1
    • H
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat logs, due to improper input sanitization. An attacker can access sensitive information or impersonate an administrator by injecting malicious HTML or scripts into chat prompts, which are then rendered when an admin views the logs.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • C
    Missing Authentication for Critical Function

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the forgot-password endpoint, which returns a valid password reset tempToken and sensitive user details without authentication or verification. An attacker can gain access to arbitrary user accounts, including privileged accounts, resulting in complete account takeover.

    How to fix Missing Authentication for Critical Function?

    Upgrade flowise to version 3.0.6 or higher.

    <3.0.6
    • M
    SQL Injection: Hibernate

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to SQL Injection: Hibernate via the importChatflows process. An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters.

    How to fix SQL Injection: Hibernate?

    Upgrade flowise to version 2.2.8 or higher.

    <2.2.8
    • C
    Arbitrary Code Injection

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the /api/v1/document-store/loader/process API. An attacker can execute arbitrary code by manipulating the fileName parameter to traverse directories and overwrite critical files such as package.json, leading to remote code execution when the server is started.

    Note: The writing functions addBase64FilesToStorage, addArrayFilesToStorage and addSingleFileToStorage in packages/components/src/storageUtils.ts are vulnerable.

    How to fix Arbitrary Code Injection?

    Upgrade flowise to version 2.1.0 or higher.

    <2.1.0
    • C
    Arbitrary File Upload

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Arbitrary File Upload through the /api/v1/attachments endpoint. An attacker can upload malicious files to the server by sending specially crafted requests to this endpoint.

    Note: This is only exploitable if the server configuration allows file uploads without proper validation or sanitization.

    How to fix Arbitrary File Upload?

    Upgrade flowise to version 2.2.7-patch.1 or higher.

    <2.2.7-patch.1
    • H
    External Control of System or Configuration Setting

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the overrideConfig option. An attacker can execute arbitrary code, crash the server, perform server-side request forgery and exfiltrate server variables and data by injecting malicious configurations.

    How to fix External Control of System or Configuration Setting?

    Upgrade flowise to version 2.1.4 or higher.

    <2.1.4
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the creation of a chatflow. An attacker can bypass input filters by providing a snippet without an event handler as input to a conversation, like <iframe src=javascript:console.log(document.domain)>. This input is passed on to the administration panel and executed.

    How to fix Cross-site Scripting (XSS)?

    Upgrade flowise to version 2.1.1 or higher.

    <2.1.1
    • H
    Uncontrolled Resource Consumption ('Resource Exhaustion')

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the /api/v1/get-upload-file API endpoint. An attacker can cause the application to crash by sending specially crafted input.

    How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

    There is no fixed version for flowise.

    *
    • H
    Improper Authentication

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improper Authentication via the API endpoint authentication process. An attacker can gain unauthorized administrative access and manipulate restricted functionalities by bypassing the authentication mechanism.

    How to fix Improper Authentication?

    Upgrade flowise to version 2.0.6 or higher.

    <2.0.6
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /api/v1/public-chatflows/id endpoint, which returns a 404 page in the absence of a chatflow ID. An attacker can inject malicious scripts into the text/html page to read unintended files on the filesystem.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /api/v1/chatflows-streaming/id endpoint, which returns a 404 page in the absence of a streaming ID. An attacker can inject malicious scripts into the text/html page to read unintended files on the filesystem.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /api/v1/credentials/id endpoint, which returns a 404 page in the absence of a credential ID. An attacker can inject malicious scripts into the text/html page to read unintended files on the filesystem.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • M
    Cross-site Scripting (XSS)

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the api/v1/chatflows/id endpoint, which returns a 404 page in the absence of a chatflow ID. An attacker can inject malicious scripts into the text/html page to read unintended files on the filesystem.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for flowise.

    *
    • H
    Path Traversal

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of the filename parameter used by the /api/v1/openai-assistants-file endpoint. An attacker can pass in a path traversal string to read arbitrary files on the vulnerable file system.

    How to fix Path Traversal?

    There is no fixed version for flowise.

    *
    • M
    Origin Validation Error

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Origin Validation Error because the Access-Control-Allow-Origin header is set to allow all origins by default. An attacker can expose information by making requests from unauthorized origins.

    How to fix Origin Validation Error?

    Upgrade flowise to version 1.4.12 or higher.

    <1.4.12
    • C
    Improper Control of Generation of Code ('Code Injection')

    flowise is a Flowiseai Server

    Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to improper input validation in the api/v1 component. An attacker can execute arbitrary code by sending a crafted script.

    How to fix Improper Control of Generation of Code ('Code Injection')?

    Upgrade flowise to version 2.0.6 or higher.

    <2.0.6