n8n@0.4.0 vulnerabilities

n8n Workflow Automation Tool

  • latest version: 1.91.3

  • first published: 6 years ago

  • latest version published: 2 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the n8n package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Severity | Vulnerable Version

    • Cross-site Scripting (XSS) | M (medium) | <1.90.0

    n8n is a workflow automation tool.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a lack of MIME type validation on uploaded binary files, which can be controlled through a GET parameter. This allows an authenticated attacker with member-level privileges to upload a crafted HTML file containing malicious code. If another authenticated user visits the binary data endpoint with the MIME type specified as text/html, the embedded script will execute within the user's browser session, potentially enabling account takeover, for instance, by initiating an unauthorized email address change.

    How to fix Cross-site Scripting (XSS)?

    Upgrade n8n to version 1.90.0 or higher.
    • Directory Traversal | M (medium) | <0.216.1

    Affected versions of this package are vulnerable to Directory Traversal via the /rest/credential-translation endpoint, due to improper validation of the input passed into the credentialType argument of the getCredentialTranslationPath function.

    How to fix Directory Traversal?

    Upgrade n8n to version 0.216.1 or higher.
    • Authentication Bypass | M (medium) | <0.216.1

    Affected versions of this package are vulnerable to Authentication Bypass due to a loose condition in auth.ts, which allows any user to send requests to an endpoint as long as the request includes .svg. Exploiting this vulnerability might be escalated to directory traversal.

    How to fix Authentication Bypass?

    Upgrade n8n to version 0.216.1 or higher.
    • Privilege Escalation | H (high) | <0.216.1

    Affected versions of this package are vulnerable to Privilege Escalation because the updateCurrentUser method of the MeController class does not perform sufficient checks before merging the stored user object with an object controlled by the user. Exploiting this vulnerability allows an authenticated user to add arbitrary attributes to the object sent in the HTTP request body, which are then merged into the user object without validation.

    How to fix Privilege Escalation?

    Upgrade n8n to version 0.216.1 or higher.