Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
n8n Arbitrary File Write leading to RCE in n8n Merge Node
Vulnerability Description
n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
n8n 安全漏洞
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.118.0之前版本和2.4.0之前版本存在安全漏洞,该漏洞源于Merge节点的SQL查询模式存在漏洞,可能导致写入任意文件和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A