GHSA-X2G5-FVC2-GQVP Flowise has Insufficient Password Salt Rounds

Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...

Use of Password Hash With Insufficient Computational Effort

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash function. An attacker can significantly reduce the time required to crack passwor...