Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. N8N
  3. critical security patch 2.17.5

critical security patch 2.17.5

Scheduled Pinned Locked Moved N8N
2 Posts 1 Posters 18 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    dominikjannis
    wrote last edited by
    #1

    Hello,
    I just got this notification from the N8N security team regarding several issues, one of them beeing a 10/10 CVE that the current Cloudron package is vulnerable to:

    • critical |** XML Node Prototype Pollution to RCE** ( GHSA-hqr4-h3xv-9m3r )
    • critical |** Prototype Pollution in XML Webhook Body Parser Leads to RCE** ( GHSA-q5f4-99jv-pgg5 )
    • high |** Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay** ( GHSA-r4v6-9fqc-w5jr )
    • high |** Python Task Runner Sandbox Escape** ( GHSA-44v6-jhgm-p3m4 )
    • high |** XSS via MCP OAuth client** ( GHSA-537j-gqpc-p7fq )
    • high |** Unauthenticated Denial of Service via MCP Client Registration** ( GHSA-49m9-pgww-9vq6 )

    Please update the package to 2.17.5 as soon as possible.

    Best,
    Dominik

    1 Reply Last reply
    1
    • D Offline
      D Offline
      dominikjannis
      wrote last edited by
      #2

      the update is live, thanks!

      1 Reply Last reply
      2

      Hello! It looks like you're interested in this conversation, but you don't have an account yet.

      Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

      With your input, this post could be even better 💗

      Register Login
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes


      • Login

      • Don't have an account? Register

      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • Bookmarks
      • Search