Vulnerabilities from the last week
Improper Validation of Specified Type of Input
n8n is a workflow automation tool.
Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in data passed to the handleFormData() function. An attacker can gain unauthorized access to files on the underlying server by sending requests with unexpected content-type values to exposed endpoints, which makes arbitrary file contents available via the chat interface. Sensitive cookie values retrieved this way can then be used to bypass authentication and further compromise the application and the underlying system.
Note: For users of the main n8n package it is recommended to upgrade to [email protected].
Workaround: This vulnerability can be mitigated by restricting or disabling publicly accessible webhook and form endpoints.
Improper Handling of Highly Compressed Data (Data Amplification)
urllib3 is an HTTP library with thread-safe connection pooling, file posting, and more.
Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the streaming API when handling HTTP redirects. An attacker can cause excessive resource consumption by serving a specially crafted compressed response that triggers decompression of large amounts of data before any read limits are enforced.
Note: This is only exploitable if content is streamed from untrusted sources with redirects enabled.
External Control of File Name or Path
Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can read arbitrary files from the local file system and have their contents included in generated PDFs.
Recent vulnerabilities disclosed by Snyk
- H: Prototype Pollution in pace-js (npm)
- C: Remote Code Execution (RCE) in n8n-workflow (npm)
- C: Remote Code Execution (RCE) in n8n-nodes-base (npm)
- C: Remote Code Execution (RCE) in @n8n/config (npm)
- M: Cross-site Request Forgery (CSRF) in fastapi-sso (pip)
Snyk security researchers have disclosed 3455 vulnerabilities.
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.