Homepage

n8n-workflow@1.103.2 vulnerabilities

Workflow base code of n8n

  • latest version

    1.82.0

  • latest non vulnerable version

    1.109.0

  • first published

    6 years ago

  • latest version published

    6 months ago

  • licenses detected

  • View n8n-workflow package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the n8n-workflow package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    n8n-workflow is a Workflow base code of n8n

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by injecting malicious payloads. This can lead to theft of cookies or other sensitive data, or be used for phishing attacks.

    How to fix Cross-site Scripting (XSS)?

    Upgrade n8n-workflow to version 1.104.0 or higher.

    >=1.24.0 <1.104.0
    Go back to all versions of this package