Vulnerability	Vulnerable Version
H Arbitrary File Upload @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Arbitrary File Upload via the `ChatTrigger` component. An attacker can execute arbitrary code by uploading a crafted HTML file. How to fix Arbitrary File Upload? Upgrade `@n8n/n8n-nodes-langchain` to version 1.106.0 or higher.	>=1.36.4 <1.106.0
M Cross-site Scripting (XSS) @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `initialMessages` parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by injecting malicious payloads. This can lead to theft of cookies or other sensitive data, or be used for phishing attacks. How to fix Cross-site Scripting (XSS)? Upgrade `@n8n/n8n-nodes-langchain` to version 1.106.0 or higher.	>=1.36.4 <1.106.0

Arbitrary File Upload

@n8n/n8n-nodes-langchain is a Banner image

Affected versions of this package are vulnerable to Arbitrary File Upload via the ChatTrigger component. An attacker can execute arbitrary code by uploading a crafted HTML file.

How to fix Arbitrary File Upload?

Upgrade @n8n/n8n-nodes-langchain to version 1.106.0 or higher.

>=1.36.4 <1.106.0

Cross-site Scripting (XSS)

@n8n/n8n-nodes-langchain is a Banner image

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by injecting malicious payloads. This can lead to theft of cookies or other sensitive data, or be used for phishing attacks.

How to fix Cross-site Scripting (XSS)?

Upgrade @n8n/n8n-nodes-langchain to version 1.106.0 or higher.

>=1.36.4 <1.106.0

Go back to all versions of this package