{"data":{"id":"0dfdb2f7-bfaa-482b-9442-be781d599e58","title":"GHSA-wxrr-jp8m-qq7f: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover","summary":"FlowiseAI's Evaluator feature has a mass-assignment vulnerability (a bug where client-controlled data is copied directly into server objects without filtering) that allows authenticated users to change an evaluator's `workspaceId` field, moving it to another workspace they don't own. This breaks workspace isolation (the separation that keeps different teams' data apart) and lets attackers in workspace B read, modify, and use evaluators belonging to workspace A.","solution":"The fix is already applied in PR https://github.com/FlowiseAI/Flowise/pull/6050. The patched code uses an allowlist pattern: instead of copying all fields from the request body via `Object.assign(...)`, the code explicitly checks each allowed field one at a time before copying it (e.g., `if (body.allowed_field_1 !== undefined) updatedEvaluator.allowed_field_1 = body.allowed_field_1`). This ensures only safe fields can be set, and `workspaceId` is no longer accepted from the client.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-wxrr-jp8m-qq7f","publishedAt":"2026-05-14T16:19:52.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":["flowise@<= 3.1.1 (fixed: 3.1.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["FlowiseAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-05-14T16:19:52.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}