As announced on Monday, the n8n team has now released three new versions of its popular low-code platform. They fix six security vulnerabilities, two of which are critical and allow remote code execution.
The vulnerabilities are:
None of the vulnerabilities currently has a CVE ID, which is why we use GitHub's own GHSA identifiers.
Patches in three version trees
At least neither of the two RCE vulnerabilities can be exploited by users who are not logged in, but administrators of self-hosted n8n instances should still install the patches quickly.
The patched versions are:
- For version tree 1.x: 1.123.33
- For the “Stable” version tree: 2.17.5
- For the “beta” version tree: 2.18.1
n8n is a popular tool for process automation, but can also be used for security operations. The project has been plagued by serious security vulnerabilities for months, which are being actively exploited by attackers.
(cku)
