User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

n8n: Webhook Forgery on Github Webhook Trigger

Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...

Missing Authorization

Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...

Malicious code in github-webhook-ip-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11986 Malicious code in github-webhook-ip-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

GHSA-9C5W-9Q3F-3HV7 Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

PT-2024-25695 · Minder · Minder

Name of the Vulnerable Software and Affected Versions: Minder versions prior to 0.0.48 Description: Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is...

Minder 安全漏洞

Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder versions prior to 0.0.48 that stems from the Github Webhook handler being...

CVE-2023-50728 Unauthenticated Denial of Service in the octokit/webhooks library

octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request w...