Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
n8n Vulnerable to Command Injection in Community Package Installation
Vulnerability Description
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
n8n 操作系统命令注入漏洞
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 0.187.0版本至1.120.3之前版本存在操作系统命令注入漏洞,该漏洞源于社区包安装功能存在命令注入,可能允许具有管理权限的认证用户在特定条件下在n8n主机上执行任意系统命令。
CVSS Information
N/A
Vulnerability Type
N/A