FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper validation...

Flowise 命令注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a command injection vulnerability in versions of the tool. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the...

Incomplete List of Disallowed Inputs

Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...