Количество 2
Количество 2
CVE-2025-59527
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6.
GHSA-hr92-4q35-4j3m
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-59527 Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6. | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
| GHSA-hr92-4q35-4j3m FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу