Submission #777668: FlowiseAI Flowise <= 3.0.12 Server-Side Request Forgery (CWE-918)

Info

Title: FlowiseAI Flowise <= 3.0.12 Server-Side Request Forgery (CWE-918)
Description:

# Technical Details
A Server-Side Request Forgery (SSRF) vulnerability exists in the OpenAPI Toolkit component `packages/components/nodes/tools/OpenAPIToolkit/OpenAPIToolkit.ts` of FlowiseAI Flowise. The loadOpenApiSpec() method fetches user-specified OpenAPI spec URLs using raw fetch() without the secureFetch wrapper introduced in the DNS rebinding fix (GHSA-2x8m-83vc-6wv4, commit 643ebf5). This completely bypasses HTTP_DENY_LIST. Unlike typical blind SSRFs, the response is fully parsed as JSON/YAML and returned to the attacker through the API response, enabling complete structured data exfiltration. The SSRF fires during node configuration (listServers, listEndpoints) via POST /api/v1/node-load-method/openAPIToolkit, not just during chatflow execution.

# Vulnerable Code
File: packages/components/nodes/tools/OpenAPIToolkit/OpenAPIToolkit.ts (line 287)
Method: loadOpenApiSpec()
Why: Uses raw fetch(openApiLink) instead of secureFetch(). The openApiLink is user-controlled input. The response is parsed as JSON/YAML and returned through the listServers and listEndpoints methods, enabling structured data exfiltration.

# Reproduction
1. Deploy Flowise with a deny list: docker run -d -e HTTP_DENY_LIST="x.x.x.x/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8" -p 3001:3000 flowiseai/flowise:latest
2. Start an HTTP listener serving a fake OpenAPI spec on the host.
3. Authenticate and trigger the SSRF: POST /api/v1/node-load-method/openAPIToolkit with {"loadMethod":"listServers","inputs":{"inputType":"link","openApiLink":"http://172.17.0.1:9997/ssrf-spec.json"}}
4. The response contains parsed data from the internal service (server URLs, descriptions) despite the target IP being in the deny list.

# Impact
- Steal cloud metadata (AWS IAM credentials via x.x.x.x).
- Query internal APIs with full structured response exfiltration.
- Scan internal networks, bypass network segmentation.
- Fires during node configuration, lowering the exploitation barrier.
Source: ⚠️ https://gist.github.com/YLChen-007/75c3d4803d36cf162302b28f3233fdce
User: Eric-a (UID 96353)
Submitted: 11/03/2026 15:12 (3 months ago)
Moderated: 06/05/2026 09:43 (2 months later)
Status: accepted
VulDB entry: 361279 [FlowiseAI Flowise up to 3.0.12 OpenAPI Toolkit OpenAPIToolkit.ts loadOpenApiSpec privilege escalation]
Points: 20
