n8n@0.202.0 vulnerabilities

n8n Workflow Automation Tool

Direct Vulnerabilities

Known vulnerabilities in the n8n package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Directory Traversal (severity: Medium)

n8n is a workflow automation tool.

Affected versions of this package are vulnerable to Directory Traversal via the /rest/credential-translation endpoint, due to improperly validated input passed into the credentialType argument of the getCredentialTranslationPath function.

How to fix Directory Traversal?

Upgrade n8n to version 0.216.1 or higher.

Vulnerable versions: <0.216.1
  • Authentication Bypass (severity: Medium)

Affected versions of this package are vulnerable to Authentication Bypass due to a loose condition in auth.ts, which allows any user to send requests to an endpoint as long as the request includes .svg. This vulnerability might be escalated to directory traversal.

How to fix Authentication Bypass?

Upgrade n8n to version 0.216.1 or higher.

Vulnerable versions: <0.216.1
  • Privilege Escalation (severity: High)

Affected versions of this package are vulnerable to Privilege Escalation because the updateCurrentUser method of the MeController class does not perform sufficient checks before merging a user object with an object controlled by the user. An authenticated user can add any attribute to the object sent in the HTTP request body, and it is merged into the user object without validation.

How to fix Privilege Escalation?

Upgrade n8n to version 0.216.1 or higher.

Vulnerable versions: <0.216.1
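
The Privilege Escalation entry above describes an unchecked merge of the request body into the user object. The following is an added example, not n8n's code: it shows that merge pattern beside an allowlisted update. The function names, the field names (including `role`) and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration; not n8n source code. All names below are hypothetical.
const EDITABLE_FIELDS = ['email', 'firstName', 'lastName'];

// Pattern the advisory describes: the request body is merged in unchecked,
// so any attribute the client sends ends up on the user object.
function updateUserUnsafe(user, body) {
  return Object.assign({}, user, body);
}

// Hardened form: copy only allowlisted own properties, type-check each value,
// and report every other key so it can be logged or rejected by the caller.
function updateUserSafe(user, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be a JSON object');
  }
  const rejected = Object.keys(body).filter((k) => !EDITABLE_FIELDS.includes(k));
  const updated = { ...user };
  for (const field of EDITABLE_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    const value = body[field];
    if (typeof value !== 'string' || value.length === 0 || value.length > 254) {
      throw new TypeError(`invalid value for ${field}`);
    }
    updated[field] = value;
  }
  return { user: updated, rejected };
}

// Constructed sample data: a stored user and a profile-update request body
// that carries one extra attribute.
const SAMPLE_USER = {
  id: 7, email: 'a@example.test', firstName: 'Ann', lastName: 'Lee', role: 'member',
};
const SAMPLE_BODY = JSON.parse('{"firstName":"Eve","role":"owner"}');

console.log('unsafe merge role:', updateUserUnsafe(SAMPLE_USER, SAMPLE_BODY).role);
const result = updateUserSafe(SAMPLE_USER, SAMPLE_BODY);
console.log('safe update role:', result.user.role, 'rejected keys:', result.rejected);
```

A non-empty `rejected` list is a useful signal to log, since a normal profile form never sends fields outside the allowlist.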