漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint
Vulnerability Description
n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
n8n 资源管理错误漏洞
Vulnerability Description
n8n是n8n公司开源的一个可扩展的工作流自动化工具。 n8n 2.28.0之前版本和1.123.58之前版本存在资源管理错误漏洞,该漏洞源于data-table文件上传端点中每个请求的配额检查未考虑已写入共享临时目录的文件,可能导致经过身份验证的用户重复上传文件,直到定期清理运行前在磁盘上累积,从而耗尽主机上的可用磁盘空间。
CVSS Information
N/A
Vulnerability Type
N/A