drupal/flowdrop is vulnerable to Access Bypass
48
Medium Risk
drupal/flowdrop runs AI-driven workflows interactively through a chat interface. When a workflow iterates more than once, the human-in-the-loop approval gate is not re-evaluated on later iterations, so steps may execute without fresh user approval and run actions the user did not intend. Exploitation requires a role with permission to administer, create, or edit FlowDrop workflows.
You are affected if you are using a version that falls within the vulnerable range.
drupal/flowdrop is vulnerable to Access Bypass in versions 1.0.0 - 1.5.0.
Upgrade the drupal/flowdrop library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant