Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*
- <= 3.0.13
A vulnerability in Flowise prior to version 3.1.0 allows for Server-Side Request Forgery (SSRF) attacks by bypassing centralized HTTP security measures. Multiple tool implementations directly use raw HTTP clients, such as node-fetch and axios, without going through the secured wrapper that enforces deny-list validation and IP pinning. This oversight restores full SSRF capabilities, enabling access to internal network resources and cloud metadata, which could lead to credential theft.
Exploitation of this vulnerability completely bypasses the application's SSRF mitigation, allowing unauthorized access to internal network resources and cloud metadata, with potential theft of sensitive credentials.
To reproduce this vulnerability, enable a tool that directly imports and uses a raw HTTP client such as node-fetch or axios, for example the Web Scraper Tool. Even with SSRF protections configured to deny access to certain IP ranges, the tool can still reach restricted metadata endpoints, which shows that the protection is bypassed.
Users are advised to update to Flowise version 3.1.0 or later, refactor tools to use the centralized secureFetch() wrapper, add ESLint rules to prevent direct imports of node-fetch or axios, and consider implementing a single internal HTTP client abstraction layer.
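The import ban recommended above can also run as a stand-alone CI check. The following is an added example, not Flowise code: it flags direct imports of node-fetch or axios outside the one file allowed to wrap them. The file paths, the wrapper location and the sample sources are constructed assumptions.

```javascript
// Added example: text-level check for raw HTTP client imports outside the wrapper.
const RAW_CLIENTS = ['node-fetch', 'axios'];
// Assumption: the secureFetch() wrapper lives in one file (hypothetical path).
const ALLOWED_FILES = new Set(['src/httpSecurity.ts']);

// Matches `from 'x'`, `import 'x'`, `require('x')` and `import('x')`,
// including subpaths such as 'axios/lib/...', but not other packages
// whose names merely start with a client name (e.g. 'axios-retry').
function buildPattern(clients) {
  const names = clients.map((c) => c.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|');
  const prefix = '(?:\\bfrom\\s*|\\bimport\\s*|\\b(?:require|import)\\s*\\(\\s*)';
  return new RegExp(prefix + '([\'"])(' + names + ')(?:/[^\'"]*)?\\1', 'g');
}

// files: { path: sourceText }. Returns [{ path, line, module }].
function findRawClientImports(files) {
  const pattern = buildPattern(RAW_CLIENTS);
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    if (ALLOWED_FILES.has(path)) continue; // the wrapper itself may use raw clients
    source.split('\n').forEach((line, i) => {
      const trimmed = line.trim();
      // Skip comment lines so prose mentioning a client is not flagged.
      if (trimmed.startsWith('//') || trimmed.startsWith('*')) return;
      for (const m of line.matchAll(pattern)) {
        findings.push({ path, line: i + 1, module: m[2] });
      }
    });
  }
  return findings;
}

// Constructed sample sources (not taken from the Flowise repository).
const SAMPLE_FILES = {
  'src/httpSecurity.ts':
    "import fetch from 'node-fetch'\nexport async function secureFetch(url) {}",
  'tools/WebScraper.ts':
    "import { Tool } from './base'\nimport fetch from 'node-fetch'\nconst axios = require(\"axios\")",
  'tools/Safe.ts':
    "// never import from 'axios' here\nimport { secureFetch } from '../src/httpSecurity'\nimport retry from 'axios-retry'",
};

for (const f of findRawClientImports(SAMPLE_FILES)) {
  console.log(f.path + ':' + f.line + ' direct import of ' + f.module);
}
```

A check like this only catches the named packages; other HTTP clients or Node's built-in `http`/`https` modules would need to be added to `RAW_CLIENTS` to be covered.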