Flowise
[Security] Github Security Lab Report
Describe the bug
Hello, GitHub Security Lab has found some security issues we would like to report. Please enable Private Vulnerability Reporting so we can submit them privately. Thank you.
To Reproduce
N/A
Enabled now. Is it about the vm2?
@HenryHengZJ it is not. I have submitted. Please respond in the advisories to let me know if you can see the advisories and also if you have any questions regarding the issues. I am happy to help with patches in the temporary fork.
@HenryHengZJ It has been over two months since I reported these vulnerabilities. Please let me know if you have a timeline for when you can fix these issues. Please note that GitHub has a 90-day disclosure policy, which I am happy to extend if the issues are actively being worked on. Thank you.
@Kwstubbs While I understand and take priority on the issues, we don't have enough resources to fully resolve all the issues yet. We'd definitely appreciate it if you or anyone can help tackle some of the issues mentioned.
@HenryHengZJ Please let me know if you have had a chance to fix any of these issues. I see these issues have been labeled an enhancement, but a bug would probably be a better label in terms of priority. If you do not plan to fix these, I will go ahead and publish the advisories. While I cannot directly PR a fix, I am happy to give advice if you need any direction in fixing these issues. Please let me know any questions under the advisories themselves.
@HenryHengZJ Hello, we will be publicly disclosing the security advisories we reported as part of our Disclosure Policy on Jun 28. We have extended the policy from 90 days to 180 days but have not heard a response.