Flowise Remote Code Execution Vulnerability via Supabase RPC Filter

Vulnerability

A remote code execution vulnerability exists in Flowise versions through 3.0.4. The issue arises from the unsanitized evaluation of user input in the 'Supabase RPC Filter' field, allowing authenticated admin users to execute arbitrary server-side code. This vulnerability is part of a broader trust boundary violation, where user-controlled input is directly executed in the backend, potentially leading to full server compromise.
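The root cause described above is a filter field whose contents are evaluated as code rather than parsed as data. The following is an added illustration of the fail-closed alternative, not Flowise's own code or its patch: a user-supplied filter string is checked against a small fixed grammar (field, operator, literal value, clauses joined by "and") and turned into a structured object, so anything that is not a recognised clause is rejected instead of executed. The field and operator allowlists and the clause syntax are assumptions chosen for the example.

```javascript
// Added illustration (not Flowise code): treat a user-supplied "RPC filter"
// as data to be parsed against a fixed grammar, never as code to evaluate.
// The unsafe pattern this replaces is handing the raw string to a JavaScript
// evaluator (eval / new Function / vm), which turns a config field into RCE.

// Hypothetical allowlist of metadata fields a filter may reference.
const ALLOWED_FIELDS = new Set(["source", "year", "author", "doc_id"]);

// Hypothetical allowlist of comparison operators.
const ALLOWED_OPS = new Set(["eq", "neq", "gt", "gte", "lt", "lte"]);

// One clause: <field> <op> <value>; value is a single-quoted string
// (backslash escapes allowed) or a number. Anchored with ^ and $ so that
// trailing text such as ";" or "(" can never slip past the match.
const CLAUSE_RE =
  /^([A-Za-z_][A-Za-z0-9_]*)\s+([a-z]+)\s+('(?:[^'\\]|\\.)*'|-?\d+(?:\.\d+)?)$/;

// Parses a filter string into [{ field, op, value }, ...].
// Throws on any input that is not a sequence of allowlisted clauses.
function parseRpcFilter(input) {
  if (typeof input !== "string") throw new TypeError("filter must be a string");
  if (input.length > 1024) throw new RangeError("filter too long");
  const trimmed = input.trim();
  if (trimmed === "") return [];
  // Clauses are joined by the keyword "and" (case-insensitive).
  const parts = trimmed.split(/\s+and\s+/i);
  return parts.map((part) => {
    const m = CLAUSE_RE.exec(part.trim());
    if (!m) throw new SyntaxError(`invalid filter clause: ${JSON.stringify(part)}`);
    const [, field, op, rawValue] = m;
    if (!ALLOWED_FIELDS.has(field)) throw new SyntaxError(`unknown field: ${field}`);
    if (!ALLOWED_OPS.has(op)) throw new SyntaxError(`unknown operator: ${op}`);
    const value = rawValue.startsWith("'")
      ? rawValue.slice(1, -1).replace(/\\(.)/g, "$1") // unescape \' and \\
      : Number(rawValue);
    return { field, op, value };
  });
}

// Boolean wrapper for rejecting a node configuration at save time,
// before the filter ever reaches the component that uses it.
function isSafeRpcFilter(input) {
  try {
    parseRpcFilter(input);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs: one well-formed filter and one that is code.
console.log(parseRpcFilter("source eq 'docs' AND year gte 2020"));
console.log(isSafeRpcFilter("process.env.JWT_SECRET")); // false
```

The structured result is what the backend should hand to the database client as parameters; the original string is never evaluated. A quoted value that itself contains the word "and" surrounded by spaces is split and then rejected, which is the acceptable failure direction for a validator of this kind.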

Impact

Exploitation of this vulnerability gives an attacker operating-system-level code execution within the Flowise backend environment. It also exposes sensitive environment variables, such as the JWT refresh token secret, and allows reverse shell connections to be established for interactive remote access. Additionally, an attacker could persist malware on the host or tamper with the outputs of large language model (LLM) chains.

Reproduction

To reproduce this vulnerability, deploy a Flowise instance with the Supabase vector store enabled. Log in as an admin user and configure a 'Supabase' node by injecting a malicious payload into the 'Supabase RPC Filter' expression. Once the node is triggered, the injected code will be executed on the server, demonstrating the vulnerability.

Remediation

Users can update to Flowise version 3.0.6 or later, where this vulnerability has been patched.

Added: Oct 17, 2025, 6:24 PM
Updated: Oct 17, 2025, 8:24 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.3
impact: 7.5
exploitability: 5.8
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.