Vulnerability	Vulnerable Version
H SQL Injection @n8n/api-types is a fair-code workflow automation platform with native AI capabilities Affected versions of this package are vulnerable to SQL Injection in the process of importing a Data Table JSON file during a Source Control Pull operation. An attacker who can write to the git repository behind an n8n instance's Source Control configuration can cause the execution of SQL commands by committing a malicious file with a column name containing control characters to the repository, and convincing a user to perform a pull operation on it. This is only exploitable if the instance uses PostgreSQL as its database backend, the Source Control feature is enabled. How to fix SQL Injection? Upgrade `@n8n/api-types` to version 1.20.1, 1.21.1 or higher.	<1.20.1>=1.21.0 <1.21.1

SQL Injection

@n8n/api-types is a fair-code workflow automation platform with native AI capabilities

Affected versions of this package are vulnerable to SQL Injection in the process of importing a Data Table JSON file during a Source Control Pull operation. An attacker who can write to the git repository behind an n8n instance's Source Control configuration can cause the execution of SQL commands by committing a malicious file with a column name containing control characters to the repository, and convincing a user to perform a pull operation on it. This is only exploitable if the instance uses PostgreSQL as its database backend, the Source Control feature is enabled.

How to fix SQL Injection?

Upgrade @n8n/api-types to version 1.20.1, 1.21.1 or higher.

<1.20.1>=1.21.0 <1.21.1

Go back to all versions of this package