3 matches found
EUVD-2025-34455
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages...
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...
CVE-2025-34267 Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages
Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...