Access Control Bypass
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Access Control Bypass via the via POST /api/v1/account/login and POST /api/v1/account/invite endpoints. An attacker can gain access to arbitrary bcrypt password hash, tempToken, and tokenExpiry, including...