-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| flowise | npm | = 3.0.5 | 3.0.6 |
Miggo AIRoot Cause AnalysisThe vulnerability is a Remote Code Execution (RCE) within the CustomMCP component of Flowise, identified as GHSA-3gcm-f6qx-ff7p. The root cause is the unsafe parsing of a user-provided configuration string, mcpServerConfig, using the Function() constructor, which executes the string as JavaScript code.
The analysis of the provided patch, which was identified by comparing the vulnerable version 3.0.5 and the patched version 3.0.6, confirms this. The commit 4af067a444a579f260d99e8c8eb0ae3d5d9b811a replaces the dangerous Function('return ' + inputString)() call with JSON5.parse(inputString) inside the convertToValidJSONString function in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts.
Based on this, two key functions have been identified:
convertToValidJSONString: This is the primary vulnerable function where the code injection and execution actually happen. It directly uses the Function() constructor on user-controlled data.
CustomMCP_Tools.loadMethods: This method orchestrates the attack. It retrieves the malicious payload from the user input (mcpServerConfig) and passes it down to convertToValidJSONString. As such, it is a critical function that would be observed in any runtime profile or stack trace when the vulnerability is triggered.
The fix correctly addresses the vulnerability by replacing the code execution with a safe JSON parsing method, preventing the RCE.
Ongoing coverage of React2Shell