GHSA-c3hj-m5hq-59xwCriticalCVSS 10.0
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process...
🔗 CVE IDs covered (1)
📋 Description
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.