Publish GHSA-q4xx-mc3q-23x8

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-q4xx-mc3q-23x8/GHSA-q4xx-mc3q-23x8.json

@@ -1,13 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4xx-mc3q-23x8",
-  "modified": "2025-08-14T16:42:36Z",
+  "modified": "2025-10-03T21:50:37Z",
   "published": "2025-08-14T12:30:22Z",
-  "aliases": [
-    "CVE-2025-55346"
-  ],
-  "summary": "Flowise JS injection remote code execution",
-  "details": "User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.",
+  "withdrawn": "2025-10-03T21:50:37Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hmgh-466j-fx4c. This link is maintained to preserve external references.\n\n### Original Description\nUser-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.",
   "severity": [
     {
       "type": "CVSS_V3",