| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| flowise | npm | = 3.0.5 | 3.0.6 |

The vulnerability is a Remote Code Execution (RCE) within the CustomMCP component of Flowise, identified as GHSA-3gcm-f6qx-ff7p. The root cause is the unsafe parsing of a user-provided configuration string, mcpServerConfig, using the Function() constructor, which executes the string as JavaScript code.
Comparing the vulnerable version 3.0.5 with the patched version 3.0.6 confirms this. Commit 4af067a444a579f260d99e8c8eb0ae3d5d9b811a replaces the dangerous Function('return ' + inputString)() call with JSON5.parse(inputString) inside the convertToValidJSONString function in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts.
Based on this, two key functions have been identified:

- convertToValidJSONString: the primary vulnerable function, where the injected code is actually executed. It applies the Function() constructor directly to user-controlled data.
- CustomMCP_Tools.loadMethods: the call path that reaches the vulnerable function. It reads the user-supplied mcpServerConfig input and passes it down to convertToValidJSONString, so it is the frame to expect in any runtime profile or stack trace when the vulnerability is triggered.
The fix correctly addresses the vulnerability by replacing the code execution with a safe JSON parsing method, preventing the RCE.
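The following added example (not Flowise's code) reconstructs the shape of the vulnerable convertToValidJSONString described above beside a hardened counterpart, and shows why the two behave differently on the same input. It is illustrative: the function bodies, the sample configs and the parseWithBoth helper are assumptions, and the built-in JSON.parse stands in for the JSON5.parse used by the real patch so the example runs without dependencies.

```javascript
// Added illustrative example, not Flowise's code. Reconstructs the pattern the
// advisory describes: a config string evaluated with Function() versus the same
// string parsed as data. JSON.parse is used here as a stand-in for JSON5.parse
// (assumption: the real patch uses JSON5, which additionally accepts relaxed syntax).

// Vulnerable pattern: the string becomes the body of a JavaScript function, so any
// expression inside it is executed with the privileges of the Node.js process.
function convertToValidJSONStringVulnerable(inputString) {
  const parsed = Function('return ' + inputString)();
  return JSON.stringify(parsed);
}

// Hardened pattern: the string is treated strictly as data. Anything that is not a
// literal value is a syntax error, so no code path exists for execution.
function convertToValidJSONStringSafe(inputString) {
  const parsed = JSON.parse(inputString);
  return JSON.stringify(parsed);
}

// Constructed sample: a legitimate MCP server config expressed as plain JSON.
const BENIGN_CONFIG = '{"command": "node", "args": ["server.js"]}';

// Constructed sample: same shape, but one array element is an expression rather
// than a literal. The vulnerable parser evaluates it (yielding "42"); the safe
// parser rejects the whole string.
const EXPRESSION_CONFIG = '{"command": "node", "args": [String(40 + 2)]}';

// Runs one input through both parsers and reports the outcome of each, so the
// difference between "executed" and "rejected" is visible side by side.
function parseWithBoth(inputString) {
  const result = { vulnerable: null, safe: null, safeRejected: false };
  result.vulnerable = convertToValidJSONStringVulnerable(inputString);
  try {
    result.safe = convertToValidJSONStringSafe(inputString);
  } catch (e) {
    // SyntaxError from JSON.parse: the input contained something other than data.
    result.safeRejected = true;
  }
  return result;
}

console.log('benign    :', parseWithBoth(BENIGN_CONFIG));
console.log('expression:', parseWithBoth(EXPRESSION_CONFIG));
```

The benign config produces identical output from both functions, which is why the Function()-based parser looked adequate in normal use; only the second input exposes that it is an evaluator rather than a parser. For a deployed instance, the practical check is the same one the patch makes: any configuration text that reaches a parser must fail, not execute, when it is not pure data.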