2 matches found
Mass Assignment
Flowise is vulnerable to Mass Assignment. The vulnerability is due to insufficient validation and authorization checks in the evaluator create and update operations, where authenticated users can modify server-controlled properties to take over evaluators across workspaces...
Medium: janino
Issue Overview: janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. CVE-2023-3354...