Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details Flowise supports providing WriteFileTo...