n8n-workflow@1.120.5 vulnerabilities
Workflow base code of n8n
latest version
2.8.0
latest non vulnerable version
first published
6 years ago
latest version published
1 days ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the n8n-workflow package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Eval Injection during the Expression evaluation workflow. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An attacker can execute arbitrary code with the privileges of the main process by supplying crafted expressions during workflow configuration. How to fix Eval Injection? Upgrade | <1.120.7>=2.0.0-rc.0 <2.4.3>=2.5.0 <2.5.1 |
n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the host system by creating or modifying workflows with malicious code. How to fix Remote Code Execution (RCE)? Upgrade | >=1.0.0 <2.0.0-rc.1 |