Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*
- <= 3.0.12
A vulnerability in Flowise prior to version 3.0.13 allows unauthenticated arbitrary file upload through the /api/v1/attachments/:chatflowId/:chatId endpoint. The server trusts the client-supplied Content-Type of the uploaded multipart part and does not verify the actual file content or extension, so an attacker can upload a malicious file simply by declaring it as an accepted type such as application/pdf. Once uploaded, the file is stored on the configured backend (S3, GCS, or local disk) and can be used to execute scripts, host malicious files, or potentially lead to remote code execution.
Successful exploitation gives an unauthenticated attacker arbitrary file upload, which can be leveraged to execute malicious scripts on the server, to host harmful files that other users may retrieve, or to achieve stored cross-site scripting by uploading files with embedded scripts that execute in the browser when the stored file is served.
To reproduce, send a multipart/form-data request to the /api/v1/attachments/:chatflowId/:chatId endpoint. Set the Content-Type of the file part to an allowed type, such as application/pdf, while the part body carries a malicious payload, such as a JavaScript web shell. The uploaded file is accepted as a PDF, bypassing the server's file type validation and allowing the malicious script to be stored and later executed.
Users are advised to update Flowise to version 3.0.13 or later, where this vulnerability has been patched.