5 matches found
CVE-2026-59206
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...
EUVD-2025-36787
Malicious code in @gitlab-lsp/workflow-api npm...
Malicious code in @gitlab-lsp/workflow-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77c05dd20ff8e2d3c07051d2f1146ac86522b9a72a6964e27122c9dd02d4c7a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-M2MJ-PR4F-H9JP TorchServe ZipSlip
Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...
TorchServe ZipSlip
Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...