Threat Intelligence Database

FlowiseAI Flowise versions 3.1.0, 3.1.1, and 3.1.2 contain a path traversal vulnerability in the S3 Document Loader component. This vulnerability allows remote attackers to manipulate file paths, potentially accessing unauthorized files. The vendor has not responded to the disclosure. A patch is available, and since this is a cloud service, the vendor typically manages remediation server-side.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.

Flowise versions prior to 3.1.2 contain a vulnerability where mass-assignment in dataset creation and update allows cross-workspace dataset takeover. This issue has been addressed in version 3.1.2. The vulnerability involves improperly controlled modification of dynamically-determined object attributes, classified as CWE-915.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but no permission checks exist on any operation. This issue has been patched in version 3.1.2.

FlowiseAI Flowise versions prior to 3.1.2 have a vulnerability where the encryptedData field is exposed in credential fetch responses when using a credentialName filter. This exposure of sensitive information occurs because the encryptedData field is not properly omitted in filtered responses, unlike unfiltered ones. The issue has been fixed in version 3.1.2.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign assistants to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.