|
| Description: | | FlowiseAI is large language model web frontend app. A vulnerability exists in FlowiseAI before 2.2.7. An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API.
An attacker can reach RCE(Remote Code Execution) via file writing. |
|
| Impact: | | An attacker may upload malicious file to rewrite package.json and inject malicious commands. Those commands will be executed when server restarted. |
|
| Affected OS: | | Windows, Linux, Others |
|
| Reference: | | https://github.com/advisories/GHSA-8vvx-qvq9-5948
|
|