n8n@0.39.0 vulnerabilities

n8n Workflow Automation Tool

  • latest version

    1.71.3

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    2 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the n8n package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Directory Traversal

    n8n is a n8n Workflow Automation Tool

    Affected versions of this package are vulnerable to Directory Traversal via the /rest/credential-translation endpoint, due to improper input validation passed into the credentialType argument of the getCredentialTranslationPath function.

    How to fix Directory Traversal?

    Upgrade n8n to version 0.216.1 or higher.

    <0.216.1
    • M
    Authentication Bypass

    n8n is a n8n Workflow Automation Tool

    Affected versions of this package are vulnerable to Authentication Bypass due to loose condition in auth.ts, which allows any user to send requests to an endpoint as long as request includes .svg. Exploiting this vulnerability might be escalated to directory traversal.

    How to fix Authentication Bypass?

    Upgrade n8n to version 0.216.1 or higher.

    <0.216.1
    • H
    Privilege Escalation

    n8n is a n8n Workflow Automation Tool

    Affected versions of this package are vulnerable to Privilege Escalation when the updateCurrentUser method of the MeController class does not perform sufficient checks before merging a user object with an object controlled by the user. Exploiting this vulnerability allows an authenticated user to add any attribute in the object sent in the HTTP request body, so it would be merged in the user object without validation.

    How to fix Privilege Escalation?

    Upgrade n8n to version 0.216.1 or higher.

    <0.216.1