CVE-2024-31621
published 2024-04-29

CVE-2024-31621: An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

Priority: P2 73 · Severity: high · CVSS 3.1 base score: 7.6
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Flags: EXPLOIT
EPSS: 59.87% (99.0th percentile)

Affected (2 ranges)

Vendor      Product   Version range    Fixed in
flowiseai   flowise   <= 1.6.5         -
flowiseai   flowise   >= 0 < 1.8.1     1.8.1

Detection & IOCs (extracted from sources)

url: /API/V1/credentials
path: /API/V1/credentials
  • Authentication bypass is triggered by sending requests to /api/v1/ endpoints using uppercase path variants (e.g., /API/V1/ or /Api/v1/). Detect HTTP requests where the path contains case-variant forms of '/api/v1/' such as '/API/V1/', '/Api/V1/', etc., which bypass the case-sensitive middleware check.
  • A successful exploit response to /API/V1/credentials will contain both '"credentialName":' and '"updatedDate":' in the response body with HTTP 200, indicating unauthenticated credential data exposure.
  • Attackers may use Burp Suite Match and Replace rules to automatically uppercase /api/v1 to /API/V1 in all proxy requests. Monitor for proxy tool signatures alongside uppercase API path patterns.
  • Flowise instances exposed on the internet can be identified via Shodan using the favicon hash -2051052918, which can be used to enumerate potentially vulnerable targets.
  • The authentication bypass only works against Flowise instances that have authentication enabled (basicAuthMiddleware). Instances running without authentication configured are unaffected by this specific bypass technique but are inherently open.