Description
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.
Problem types
External Control of File Name or Path
Product status
Any version
Credits
pyozzi-toss
References
github.com/...lowise/security/advisories/GHSA-8vvx-qvq9-5948
github.com/...lowise/security/advisories/GHSA-8vvx-qvq9-5948 (GitHub Security Advisory (GHSA-8vvx-qvq9-5948))
www.vulncheck.com/...e-code-execution-via-document-store-api (VulnCheck Advisory: Flowise - Arbitrary File Write to Remote Code Execution via document-store API)