Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) — flowise
Time-of-check Time-of-use (TOCTOU) Race ConditionSummary
The core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list.
Details
The flaws exist in packages/components/src/httpSecurity.ts.
Default Insecure: If process.env.HTTP_DENY_LIST is undefined, checkDenyList returns immediately, allowing all requests (including localhost).
DNS Rebinding (TOCTOU): The function performs a DNS lookup (dns.lookup) to validate the IP, and then the HTTP client performs a new lookup to connect. An attacker can serve a valid IP first, then switch to an internal IP (e.g., 127.0.0.1) for the second lookup.
PoC
nsure HTTP_DENY_LIST is unset (default behavior).
Use any node utilizing secureFetch to access http://127.0.0.1.
Result: Request succeeds.
Scenario 2: DNS Rebinding
Attacker controls domain attacker.com and a custom DNS server.
Configure DNS to return 1.1.1.1 (Safe IP) with TTL=0 for the first query.
Configure DNS to return 127.0.0.1 (Blocked IP) for subsequent queries.
Flowise validates attacker.com -> 1.1.1.1 (Allowed).
Flowise fetches attacker.com -> 127.0.0.1 (Bypass).
Run the following for manual verification
"// PoC for httpSecurity.ts Bypasses import * as dns from 'dns/promises';
// Mocking the checkDenyList logic from Flowise async function checkDenyList(url: string) { const deniedIPs = ['127.0.0.1', '0.0.0.0']; // Simplified deny list logic
if (!process.env.HTTP_DENY_LIST) {
console.log("⚠️ HTTP_DENY_LIST not set. Returning allowed.");
return; // Vulnerability 1: Default Insecure
}
const { hostname } = new URL(url);
const { address } = await dns.lookup(hostname);
if (deniedIPs.includes(address)) {
throw new Error(`IP ${address} is denied`);
}
console.log(`✅ IP ${address} allowed check.`);
}
async function runPoC() { console.log("--- Test 1: Default Configuration (Unset HTTP_DENY_LIST) ---"); // Ensure env var is unset delete process.env.HTTP_DENY_LIST; try { await checkDenyList('http://127.0.0.1'); console.log("[PASS] Default config allowed localhost access."); } catch (e) { console.log("[FAIL] Blocked:", e.message); }
console.log("\n--- Test 2: 'private' Keyword Bypass (Logic Flaw) ---");
process.env.HTTP_DENY_LIST = 'private'; // User expects this to block localhost
try {
await checkDenyList('http://127.0.0.1');
// In real Flowise code, 'private' is not expanded to IPs, so it only blocks the string "private"
console.log("[PASS] 'private' keyword failed to block localhost (Mock simulation).");
} catch (e) {
console.log("[FAIL] Blocked:", e.message);
}
}
runPoC();"
Impact
Confidentiality: High (Access to internal services if protection is bypassed).
Integrity: Low/Medium (If internal services allow state changes via GET).
Availability: Low.
| Software | From | Fixed in |
|---|---|---|
flowise
|
- | 3.1.0 |
|
flowise-components
|
- | 3.1.0 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime
Frequently Asked Questions
A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.
CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.
A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.
Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.
Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.
SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.