Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*
- <= 3.0.13
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Flowise versions prior to 3.1.0. This vulnerability exists within the POST and GET API Chain components, allowing unauthenticated attackers to manipulate the server into making arbitrary HTTP requests to both internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints, redirecting requests to sensitive internal services. This could lead to internal network reconnaissance and data exfiltration.
Exploitation of this vulnerability allows unauthenticated attackers to use the Flowise server as a proxy to access arbitrary internal and external HTTP endpoints. This could result in unauthorized access to internal network services, cloud metadata that may contain sensitive information, and internal APIs or databases that lack proper authentication. The vulnerability also poses a risk of data exfiltration from compromised internal services.
To reproduce this vulnerability, create a Flowise chatflow using a version prior to 3.1.0 that includes the POST/GET API Chain component. Inject a prompt that manipulates the API documentation to override the base URL with an internal endpoint. Once the prompt is processed, the Flowise server will make a request to the internal service, demonstrating the SSRF exploitation.
Users can upgrade to Flowise version 3.1.0 or later to address this vulnerability.
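The bypass described above works because the request target comes from prompt-influenced API documentation. The following is an added example, not Flowise's code or its 3.1.0 fix, that checks a candidate target against an operator-pinned base URL before any request is sent. The names `checkOutboundUrl` and `isInternalIPv4` are hypothetical, and the `api.example.com` values used to exercise it are constructed.

```javascript
// Added illustration, not Flowise code. All names are hypothetical.
// Gate a model-produced URL against the base URL the operator pinned.

// IPv4 literal in a loopback, private, link-local or unspecified range
// (cloud metadata services commonly sit at 169.254.169.254).
function isInternalIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

function checkOutboundUrl(candidate, pinnedBaseUrl) {
  let url;
  let base;
  try {
    // The WHATWG parser normalises dot segments and numeric IPv4 forms,
    // so every check below runs on the canonical host and path.
    url = new URL(candidate);
    base = new URL(pinnedBaseUrl);
  } catch (err) {
    return { allowed: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { allowed: false, reason: 'scheme is not http(s)' };
  }
  const host = url.hostname;
  // IPv6 literals keep their brackets in url.hostname; refuse them all.
  if (host === 'localhost' || host.startsWith('[') || isInternalIPv4(host)) {
    return { allowed: false, reason: 'internal or IPv6-literal host' };
  }
  if (url.origin !== base.origin) {
    return { allowed: false, reason: 'origin differs from pinned base URL' };
  }
  const prefix = base.pathname.endsWith('/') ? base.pathname : base.pathname + '/';
  if (url.pathname !== base.pathname && !url.pathname.startsWith(prefix)) {
    return { allowed: false, reason: 'path outside pinned base URL' };
  }
  // Limit: redirects followed by the HTTP client are not covered here;
  // disable them or run this check again on every hop.
  return { allowed: true, reason: 'ok' };
}
```

The pinned base URL must come from operator configuration, never from text the model or the chat user can influence.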