Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
📦 npm

GHSA-5cph-wvm9-45gj

Flowise OverrideConfig security vulnerability

Published
Nov 21, 2024
Updated
Nov 21, 2024
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

Blast Radius

1 pkg affected

Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.

flowisenpm
2Kdownloads / week

Description

Impact

Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API.

This has a range of fundamental issues that are a major security vulnerability. While this feature is intentional, it should have strong protections added and be disabled by default.

These issues include:

  1. Remote code execution. While inside a sandbox this allows for
  2. Sandbox escape
  3. DoS by crashing the server
  4. SSRF
  5. Prompt Injection, both System and User
  6. Full control over LLM prompts
  7. Server variable and data exfiltration And many many more such as altering the flow of a conversation, prompt exfiltration via LLM proxying etc.

These issues are self-targeted and do not persist to other users but do leave the server and business exposed. All issues are shown with the API but also work with the web embed.

Workarounds

  • overrideConfig should be disabled by default
  • overrideConfig should have an explicit allow list of variables that are allowed to be modified. This way the user opts-in to where modifications can be made.
  • vm2 and any forks of it should be removed as in the authors own words, "fixing the vulnerability seems impossible". The recommended replacement is https://www.npmjs.com/package/isolated-vm

Affected Packages

1 total 1 fixed
EcosystemPackageVulnerable rangeFix
📦npmflowiseall versions2.1.4

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for flowise. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update flowise to 2.1.4 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-5cph-wvm9-45gj is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-5cph-wvm9-45gj is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-5cph-wvm9-45gj. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Impact Flowise allows developers to inject configuration into the Chainflow during execution through the `overrideConfig` option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a **major** security vulnerability. While this feature is intentional, it should have strong protections added and be disabled by default. These issues include: 1. Remote code execution. While inside a sandbox this allows for 1. Sandbox escape 2. DoS by crashing the server 3. SSRF 2. Prompt Injection, both System and
O3 Security · Impact-Aware SCA

Is GHSA-5cph-wvm9-45gj in your dependencies?

O3 detects GHSA-5cph-wvm9-45gj across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works