Arbitrary Code Injection
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute...