critical security patch 2.17.5
-
Hello,
I just got this notification from the N8N security team regarding several issues, one of them being a 10/10 CVE that the current Cloudron package is vulnerable to:
- critical | **XML Node Prototype Pollution to RCE** (GHSA-hqr4-h3xv-9m3r)
- critical | **Prototype Pollution in XML Webhook Body Parser Leads to RCE** (GHSA-q5f4-99jv-pgg5)
- high | **Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay** (GHSA-r4v6-9fqc-w5jr)
- high | **Python Task Runner Sandbox Escape** (GHSA-44v6-jhgm-p3m4)
- high | **XSS via MCP OAuth client** (GHSA-537j-gqpc-p7fq)
- high | **Unauthenticated Denial of Service via MCP Client Registration** (GHSA-49m9-pgww-9vq6)
Please update the package to 2.17.5 as soon as possible.
Best,
Dominik
-
the update is live, thanks!