CNNVD-202508-1513 Information

CNNVD ID

CNNVD-202508-1513

Related CVE

CVE-2025-55346

• CNNVD Published: 2025-08-14

Description (Chinese)

Flowise是FlowiseAI开源的一个用于轻松构建 LLM 应用程序的工具。 Flowise存在安全漏洞，该漏洞源于用户控制的输入流向不安全的动态函数构造函数实现，可能导致在主机环境中执行任意非沙盒JS代码。

Description (English)

Flowise is an open-source tool for easy construction of LLM applications. Flowise has a security loophole that results from user-controlled input flows to unsafe dynamic function tectonic functions, which may result in the enforcement of any non-salary box JS code in the host environment.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Flute

Published

2025-08-14

Last Modified

2026-02-24

References

https://research.jfrog.com/vulnerabilities/flowise-js-injection-remote-code-exection-jfsa-2025-001379925/