Flowise Remote Code Execution Vulnerability in Airtable Agent

Vulnerability

A remote code execution vulnerability has been identified in Flowise versions through 3.0.13, specifically within the AirtableAgent component. The issue arises from inadequate input validation when user data is processed with Pandas, allowing a prompt injection that bypasses the intended safeguards and executes arbitrary Python code. The vulnerability is particularly concerning because it lies in the integration between Flowise and Airtable, where user inputs are passed directly to the Python execution environment without proper sanitization.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Flowise is running, potentially leading to unauthorized access, data breaches, and misuse of server resources.

Reproduction

To reproduce this vulnerability, create a new chatflow in Flowise that includes the AirtableAgent. Input a prompt that injects malicious Python code into the question parameter, exploiting the lack of input sanitization. The injected code will be executed by the Pyodide environment, resulting in remote code execution.

Remediation

Users can upgrade to Flowise version 3.1.0 or later, where this vulnerability has been patched.

Added: Apr 23, 2026, 8:48 PM
Updated: Apr 23, 2026, 8:48 PM

Vulnerability Rating

Custom Algorithm

spread:         0.3
impact:         7.5
exploitability: 7.0
remediation:    7.7
relevance:      6.2
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.