The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Allocation of Resources Without Limits or Throttling vulnerabilities in an interactive lesson.
Start learningUpgrade n8n to version 1.123.58, 2.28.0 or higher.
n8n is a n8n Workflow Automation Tool
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the MulterUploadMiddleware in the data-table upload path. An authenticated user can repeatedly upload CSV files to the data-table endpoint by sending requests that are accepted by the per-request file-size check but do not account for files already written to the shared temporary upload directory. Those orphaned uploads accumulate on disk until cleanup runs, allowing the attacker to consume the host’s temporary storage and disrupt file uploads and other operations that depend on available disk space.
Notes
MulterUploadMiddleware rather than generic file uploads elsewhere in n8n.Workarounds
uploadMaxFileSize to a low value; this limits the size of each individual upload and reduces how quickly a user can consume temporary disk space with repeated uploads.