GHSA-hr92-4q35-4j3m: FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
7.5
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| flowise | npm | = 3.0.5 | 3.0.6 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability analysis identified a Server-Side Request Forgery (SSRF) issue in the /api/v1/fetch-links endpoint of the Flowise application. The root cause was the lack of URL validation when the server-side fetch API was used to retrieve content from user-provided URLs.
The investigation started by analyzing the provided vulnerability details, which pointed to specific code paths in the FlowiseAI/Flowise repository. By comparing the last vulnerable version (3.0.5) with the first patched version (3.0.6), I identified the fixing commit e002e617df6177cb603c8c569d224bce5fb96b33.
The commit's patch introduced two new security functions, secureFetch and checkDenyList, and applied them to the vulnerable code paths.
The analysis of the patch revealed three key functions involved in the vulnerability:
xmlScrape (packages/components/src/utils.ts): This function's direct use of fetch(currentURL) was replaced with secureFetch(currentURL), confirming it as a sink for the SSRF.
webCrawl (packages/components/src/utils.ts): This function, and the crawl helper it calls, also used an unrestricted fetch. The patch added a checkDenyList validation at the start of webCrawl and replaced fetch with secureFetch within the crawl function, indicating it was a primary vulnerable path.
getAllLinks (packages/server/src/services/fetch-links/index.ts): This service-layer function is the entry point for the vulnerable logic, taking the user's URL and dispatching it to either webCrawl or xmlScrape. The patch added a checkDenyList call here as a defense-in-depth measure.
These three functions would appear in a runtime profile or stack trace during an exploit. An attacker would send a request to the /api/v1/fetch-links endpoint, which would invoke the getAllLinks service and then either webCrawl or xmlScrape, causing the server itself to issue a request to an attacker-chosen internal resource.
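The patch is described above only by the names of its two new functions, so the following is an added example of what a deny-list check and a hardened fetch wrapper of that kind look like. It is not Flowise's code and does not reproduce the project's checkDenyList or secureFetch; the function names denyReason and secureFetch, the blocked hostnames, the address ranges and the sample URLs are all assumptions constructed for this illustration. It assumes Node 18 or later for the global fetch and URL, and goes somewhat beyond a plain hostname deny list: it also rejects non-HTTP schemes, normalized numeric IPv4 forms, IPv4-mapped IPv6 literals, the addresses a hostname resolves to, and every redirect target.

```javascript
// Added example (not Flowise's own code): a deny-list check for server-side
// fetches and a fetch wrapper that applies it to the requested URL, to the
// addresses the hostname resolves to, and to every redirect target.
// Assumes Node 18+ (global fetch and URL); hostnames, ranges and sample URLs
// below are constructed for illustration.

// Hostnames that must never be fetched server-side, whatever they resolve to.
const BLOCKED_HOSTNAMES = new Set(["localhost", "metadata.google.internal"]);

// Parse a dotted-quad IPv4 literal into a 32-bit number, or null if it is not one.
function parseIPv4(text) {
  const parts = text.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part) || Number(part) > 255) return null;
    value = value * 256 + Number(part);
  }
  return value;
}

// Ranges that are loopback, private, link-local (cloud metadata services live
// in 169.254.0.0/16), carrier-grade NAT, multicast or reserved.
const NON_PUBLIC_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
].map(([net, bits]) => [parseIPv4(net), bits]);

function inCidr(addr, net, bits) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((net & mask) >>> 0);
}

// True for IPv4/IPv6 literals that the server must not be made to contact.
function isNonPublicIp(ip) {
  const v4 = parseIPv4(ip);
  if (v4 !== null) return NON_PUBLIC_V4.some(([net, bits]) => inCidr(v4, net, bits));
  const v6 = ip.toLowerCase().replace(/^\[|\]$/g, "");
  // IPv4-mapped IPv6 (::ffff:a.b.c.d or ::ffff:hhhh:hhhh) is judged by the embedded IPv4.
  const dotted = v6.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) return isNonPublicIp(dotted[1]);
  const hex = v6.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isNonPublicIp(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  if (v6 === "::1" || v6 === "::") return true;     // loopback, unspecified
  if (/^fe[89ab][0-9a-f]:/.test(v6)) return true;   // link-local fe80::/10
  if (/^f[cd][0-9a-f]{2}:/.test(v6)) return true;   // unique local fc00::/7
  return false;
}

// Returns a reason string when a URL must be refused, or null when it may be fetched.
// The WHATWG URL parser normalizes numeric hosts such as 2130706433 or 0x7f000001
// to dotted form, so those spellings are caught by the same address check.
function denyReason(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return "malformed URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  if (url.username || url.password) return "credentials in URL not allowed";
  const host = url.hostname.replace(/\.$/, "");   // drop a trailing dot
  if (BLOCKED_HOSTNAMES.has(host) || host.endsWith(".localhost")) return `blocked hostname ${host}`;
  if (isNonPublicIp(host)) return `non-public address ${host}`;
  return null;
}

// Fetch wrapper: validates the URL, the resolved addresses and each redirect hop.
// Resolving and then fetching still performs two lookups, so a rebinding resolver
// could answer differently the second time; pinning the address needs a custom
// agent and is outside this example.
async function secureFetch(rawUrl, init = {}, maxRedirects = 3) {
  const { lookup } = await import("node:dns/promises");
  let current = rawUrl;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const reason = denyReason(current);
    if (reason) throw new Error(`refusing ${current}: ${reason}`);
    const hostname = new URL(current).hostname.replace(/^\[|\]$/g, "");
    for (const { address } of await lookup(hostname, { all: true })) {
      if (isNonPublicIp(address)) throw new Error(`refusing ${current}: resolves to ${address}`);
    }
    // Follow redirects manually so every Location target gets the same checks.
    const response = await fetch(current, { ...init, redirect: "manual" });
    const location = response.headers.get("location");
    if (response.status >= 300 && response.status < 400 && location) {
      current = new URL(location, current).toString();
      continue;
    }
    return response;
  }
  throw new Error(`too many redirects fetching ${rawUrl}`);
}

// Constructed sample inputs of the kind a link-fetching endpoint would receive.
const SAMPLE_URLS = ["https://example.com/sitemap.xml", "http://169.254.169.254/",
  "http://2130706433/", "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"];
for (const u of SAMPLE_URLS) console.log(u, "=>", denyReason(u) ?? "allowed");
```

In a service like getAllLinks the cheap denyReason check would run once on the user's URL before any work starts, and secureFetch would replace every raw fetch in the crawl and sitemap paths so that redirects and DNS answers are checked too; a deny list on the entry point alone leaves those later hops unguarded.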
Vulnerable functions
webCrawl (packages/components/src/utils.ts)
xmlScrape (packages/components/src/utils.ts)
getAllLinks (packages/server/src/services/fetch-links/index.ts)