n8n@0.215.2 vulnerabilities

n8n Workflow Automation Tool

Known vulnerabilities in the n8n package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Directory Traversal n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Directory Traversal via the `/rest/credential-translation` endpoint, due to improper input validation passed into the `credentialType` argument of the `getCredentialTranslationPath` function. How to fix Directory Traversal? Upgrade `n8n` to version 0.216.1 or higher.	<0.216.1
M Authentication Bypass n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Authentication Bypass due to loose condition in `auth.ts`, which allows any user to send requests to an endpoint as long as request includes `.svg`. Exploiting this vulnerability might be escalated to directory traversal. How to fix Authentication Bypass? Upgrade `n8n` to version 0.216.1 or higher.	<0.216.1
H Privilege Escalation n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Privilege Escalation when the `updateCurrentUser` method of the `MeController` class does not perform sufficient checks before merging a user object with an object controlled by the user. Exploiting this vulnerability allows an authenticated user to add any attribute in the object sent in the HTTP request body, so it would be merged in the user object without validation. How to fix Privilege Escalation? Upgrade `n8n` to version 0.216.1 or higher.	<0.216.1