2 matches found
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a security vulnerability. This vulnerability stemmed from the text-to-speech generation endpoint accepting direct credentials IDs, allowing...
GHSA-5FW2-MWHH-9947 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Summary The text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted no auth and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential e.g., OpenAI or...