skip to content
Back to
Home Research Advisories CodeQL Wall of Fame Get Involved Events
June 28, 2024

GHSL-2023-232_GHSL-2023-234: Path injection, Cross-Site Scripting (XSS) and CORS misconfiguration in Flowise - CVE-2024-36420, CVE-2024-36421, CVE-2024-36422, CVE-2024-36423, CVE-2024-37145, CVE-2024-37146

Kevin Stubbings

Coordinated Disclosure Timeline


Flowise is vulnerable to path injection, cross site scripting and CORS misconfiguration vulnerabilities, that may compromise the confidentiality of the information on the host server. In the worst case, it may allow attackers to read files from the Flowise server and read/modify user secrets.



Tested Version



Issue 1: Path Injection at /api/v1/openai-assistants-file (GHSL-2023-232)

The /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter.'/api/v1/openai-assistants-file', async (req: Request, res: Response) => {
            const filePath = path.join(getUserHome(), '.flowise', 'openai-assistant', req.body.fileName)
            res.setHeader('Content-Disposition', 'attachment; filename=' + path.basename(filePath))
            const fileStream = fs.createReadStream(filePath)

This vulnerability was found with the help of CodeQL.


This issue may lead to Arbitrary File Read

Issue 2: Reflected XSS in packages/server/src/index.ts (GHSL-2023-245-GHSL-2023-248)

Reflected XSS vulnerabilities occur in many of the API endpoints. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction.'/api/v1/flow-config/:id', async (req: Request, res: Response) => {
            const chatflow = await this.AppDataSource.getRepository(ChatFlow).findOneBy({
            if (!chatflow) return res.status(404).send(`Chatflow ${} not found`)
            const flowData = chatflow.flowData
            const parsedFlowData: IReactFlowObject = JSON.parse(flowData)
            const nodes = parsedFlowData.nodes
            const availableConfigs = findAvailableConfigs(nodes, this.nodesPool.componentCredentials)
            return res.json(availableConfigs)

If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server.

This vulnerability is found in many endpoints in index.ts, including:





I have linked the GET handler for each endpoint which is immediately exploitable, but their POST, PUT, DELETE counterparts may be exploitable in the future. It is recommended that you remove all cases where data provided from the req parameter is passed to the res without sanitization. Example:

res.status(404).send(`Chatflow ${} not found`)

These vulnerabilities were found with the help of CodeQL


This issue may lead to Information Disclosure

Issue 3: Cors Misconfiguration in packages/server/src/index.ts (GHSL-2023-234)

A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user.

// Allow access from *

This CORS misconfiguration may be chained with the path injection to allow an attacker attackers without access to Flowise to read arbitrary files from the Flowise server.


This issue may lead to Information Disclosure


These issues were discovered and reported by GHSL team member @Kwstubbs (Kevin Stubbings).


You can contact the GHSL team at, please include a reference to GHSL-2023-232,GHSL-2023-234, GHSL-2023-245-GHSL-2023-248 in any communication regarding these issues.