| Title | FlowiseAI Flowise <= 3.0.12 Server-Side Request Forgery (CWE-918) |
|---|
| Description | # Technical Details
A Server-Side Request Forgery (SSRF) vulnerability exists in the OpenAPI Toolkit component `packages/components/nodes/tools/OpenAPIToolkit/OpenAPIToolkit.ts` of FlowiseAI Flowise.
The loadOpenApiSpec() method fetches a user-specified OpenAPI spec URL with raw fetch() instead of the secureFetch wrapper introduced in the DNS rebinding fix (GHSA-2x8m-83vc-6wv4, commit 643ebf5), so HTTP_DENY_LIST is never consulted for this request. Unlike a blind SSRF, the response is parsed as JSON/YAML and returned to the caller in the API response, so structured data from the target is exfiltrated directly. The request is issued during node configuration (the listServers and listEndpoints load methods, reached via POST /api/v1/node-load-method/openAPIToolkit), not only during chatflow execution.
# Vulnerable Code
File: packages/components/nodes/tools/OpenAPIToolkit/OpenAPIToolkit.ts (line 287)
Method: loadOpenApiSpec()
Why: it calls raw fetch(openApiLink) instead of secureFetch(), and openApiLink is user-controlled input. The response is parsed as JSON/YAML and returned through the listServers and listEndpoints methods, enabling structured data exfiltration.
# Reproduction
1. Deploy Flowise with deny list: docker run -d -e HTTP_DENY_LIST="x.x.x.x/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8" -p 3001:3000 flowiseai/flowise:latest
2. Start an HTTP listener serving a fake OpenAPI spec on the host.
3. Authenticate and trigger SSRF: POST /api/v1/node-load-method/openAPIToolkit with {"loadMethod":"listServers","inputs":{"inputType":"link","openApiLink":"http://172.17.0.1:9997/ssrf-spec.json"}}
4. The response contains the parsed contents served by the listener (server URLs, descriptions) even though 172.17.0.1 falls inside the 172.16.0.0/12 deny-list entry.
# Impact
- Steal cloud metadata (AWS IAM credentials via x.x.x.x).
- Query internal APIs with full structured response exfiltration.
- Scan internal networks, bypass network segmentation.
- Fires during node configuration, lowering the exploitation barrier. |
|---|
| Source | https://gist.github.com/YLChen-007/75c3d4803d36cf162302b28f3233fdce |
|---|
| User | Eric-a (UID 96353) |
|---|
| Submitted | 2026-03-11 15:12 (3 months ago) |
|---|
| Moderation | 2026-05-06 09:43 (2 months later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 361279 [FlowiseAI Flowise up to 3.0.12 OpenAPI Toolkit OpenAPIToolkit.ts loadOpenApiSpec privilege escalation] |
|---|
| Points | 20 |
|---|
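The deny-list check that the Technical Details above say loadOpenApiSpec() skips, as an added example that is not Flowise's code and not the secureFetch wrapper from commit 643ebf5: parseDenyList, ipDenied, assertAllowed and guardedFetch are this example's own names, HTTP_DENY_LIST is assumed to use the comma-separated CIDR syntax shown in reproduction step 1, and the list used here is the one from that step minus the elided x.x.x.x entry. The guard parses the URL, resolves the host, compares every resulting address against the list, and only then fetches; the unguarded path described in the advisory is a bare fetch(openApiLink) with none of these steps.

```typescript
// Added example, not Flowise code: a deny-list guard of the kind the advisory
// says loadOpenApiSpec() bypasses. parseDenyList, ipDenied, assertAllowed and
// guardedFetch are this example's own names, not Flowise's API.
import { isIPv4 } from "node:net";
import { lookup } from "node:dns/promises";

type Cidr = { base: number; mask: number };

// Dotted-quad IPv4 -> unsigned 32-bit integer.
function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// Parse the HTTP_DENY_LIST format from the reproduction step ("a.b.c.d/8,e.f.g.h/32,...").
// This example handles IPv4 entries only; an entry without a prefix length means /32.
export function parseDenyList(env: string): Cidr[] {
  return env
    .split(",")
    .map((s) => s.trim())
    .filter(Boolean)
    .map((entry) => {
      const [ip, bits = "32"] = entry.split("/");
      const prefix = Number(bits);
      if (!isIPv4(ip) || !Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
        throw new Error(`unsupported deny-list entry: ${entry}`);
      }
      const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
      return { base: (ipv4ToInt(ip) & mask) >>> 0, mask };
    });
}

// True when the address falls inside any denied range. Anything that is not a plain
// IPv4 literal (IPv6, bracketed hosts, garbage) is treated as denied: fail closed.
export function ipDenied(address: string, deny: Cidr[]): boolean {
  if (!isIPv4(address)) return true;
  const n = ipv4ToInt(address);
  return deny.some((c) => ((n & c.mask) >>> 0) === c.base);
}

// Resolve the URL's host to the addresses a fetch would actually connect to.
// Literal IPv4 hosts skip DNS; names are looked up with every record returned.
async function hostAddresses(hostname: string): Promise<string[]> {
  if (isIPv4(hostname)) return [hostname];
  const records = await lookup(hostname, { all: true });
  return records.map((r) => r.address);
}

// Validate a user-supplied spec link before any request is made. Parsing with URL
// also normalizes shorthand literals such as http://127.1/ to 127.0.0.1, so those
// cannot slip past the check as a string that merely looks unfamiliar.
export async function assertAllowed(target: string, deny: Cidr[]): Promise<URL> {
  const url = new URL(target);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  for (const address of await hostAddresses(url.hostname)) {
    if (ipDenied(address, deny)) {
      throw new Error(`blocked by deny list: ${url.hostname} resolves to ${address}`);
    }
  }
  return url;
}

// The hardened shape of the fetch: check first, then request.
// Caveat: fetching by hostname re-resolves DNS, so a rebinding attacker can still
// answer the second lookup with an internal address; a wrapper that connects to the
// address it checked is needed to close that window.
export async function guardedFetch(target: string, deny: Cidr[]) {
  const url = await assertAllowed(target, deny);
  return fetch(url.toString());
}

// The deny list from the reproduction step, minus the elided x.x.x.x entry.
export const DEMO_DENY_LIST = parseDenyList("10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8");

// Stand-alone demo with the link from step 3 of the reproduction: a literal IP
// inside 172.16.0.0/12, so it is rejected before any connection is attempted.
assertAllowed("http://172.17.0.1:9997/ssrf-spec.json", DEMO_DENY_LIST)
  .then(() => console.log("allowed"))
  .catch((e: Error) => console.log("blocked:", e.message));
```

Applying assertAllowed to the step-3 link rejects it without opening a connection, because 172.17.0.1 lies inside 172.16.0.0/12. A pre-check alone still leaves the rebinding window that GHSA-2x8m-83vc-6wv4 was about: the lookup done for the check and the lookup done by fetch are separate, and an attacker-controlled name can answer them differently. A wrapper that connects to the address it validated, rather than to the hostname, is what closes that gap, which is why a raw fetch that skips the wrapper entirely is the worst of both.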