CVE-2025-29189
HIGH 7.6 | EPSS 0.13%
Flowise Vulnerable to SQL Injection via `tableName` Parameter
Published: 2025/4/9 | Modified: 2025/4/10
Description
Flowise <= 2.2.3 is vulnerable to SQL injection via the tableName parameter at Postgres_VectorStores.
Affected packages (1)
- npm/flowise-components: from 0, < 2.2.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-29189
- PATCH: https://github.com/FlowiseAI/Flowise
- WEB: https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
- WEB: https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
- WEB: https://github.com/FlowiseAI/Flowise/pull/3818