漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Vulnerability Description
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
n8n 后置链接漏洞
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.106.0之前版本存在安全漏洞,该漏洞源于Read/Write File节点存在符号链接遍历,可能导致绕过目录限制。
CVSS Information
N/A
Vulnerability Type
N/A