2 matches found
Incomplete List of Disallowed Inputs
Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...
Improper Handling of Missing Values
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improper Handling of Missing Values password reset flow in account.service.ts. An attacker can reset another user’s password by supplying a crafted reset request with an invalid or missing temporary token a...