FlowiseAI Custom Function SSRF绕过漏洞分析

SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox 漏洞概述 在 FlowiseAI 的 Custom Function 功能中存在 SSRF（服务端请求伪造）保护绕过漏洞。虽然应用通过 对 和 库实施了 SSRF 保护，但 Node.js 内置的 、 和 模块在沙箱环境中被允许使用且缺乏同等保护。这允许经过身份验证的用户绕过 SSRF 控制并访问内部网络资源（如云提供商元数据服务）。 影响范围 受影响版本： (npm) Content-Type: application/json Authorization: Bearer { "javascriptFunction": "const axios = require('axios'); return (await axios.get('http://169.254.169.254/latest/meta'))" } // Response { "statusCode": 500, "success": false, "message": "Error: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom f

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

FlowiseAI Custom Function SSRF绕过漏洞分析

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

FlowiseAI Custom Function SSRF绕过漏洞分析

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！