Vulnerability	Vulnerable Version
H Use of Uninitialized Resource Affected versions of this package are vulnerable to Use of Uninitialized Resource via 'js-task-runner.ts'. An attacker can expose residual data from the Node.js process, including secrets or tokens, by creating or modifying workflows that allocate uninitialized buffers when Task Runners are enabled. How to fix Use of Uninitialized Resource? Upgrade `@n8n/task-runner` to version 1.59.16, 2.9.1, 2.10.1 or higher.	<1.59.16>=2.0.0-rc.0 <2.9.1>=2.10.0 <2.10.1
C Arbitrary Code Injection Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. How to fix Arbitrary Code Injection? Upgrade `@n8n/task-runner` to version 1.59.16, 2.9.1, 2.10.1 or higher.	<1.59.16>=2.0.0 <2.9.1>=2.10.0 <2.10.1

Use of Uninitialized Resource

Affected versions of this package are vulnerable to Use of Uninitialized Resource via 'js-task-runner.ts'. An attacker can expose residual data from the Node.js process, including secrets or tokens, by creating or modifying workflows that allocate uninitialized buffers when Task Runners are enabled.

How to fix Use of Uninitialized Resource?

Upgrade @n8n/task-runner to version 1.59.16, 2.9.1, 2.10.1 or higher.

<1.59.16>=2.0.0-rc.0 <2.9.1>=2.10.0 <2.10.1

Arbitrary Code Injection

Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions.

How to fix Arbitrary Code Injection?

Upgrade @n8n/task-runner to version 1.59.16, 2.9.1, 2.10.1 or higher.

<1.59.16>=2.0.0 <2.9.1>=2.10.0 <2.10.1

Go back to all versions of this package