@klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2), @n8n/task-runner (>=1.37.0 <=1.57.1) +15 more potentially affected by CVE-2026-21877 via n8n-core (>=1.0.0 <=1.120.1)

n8n-core NPM version =1.0.0, =1.0.1, =1.37.0, =1.0.0, =0.1.0, =1.0.1, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.2.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-21877 Source advisory: SNYK:JS-N8NCORE-14894271...

CVE-2022-3212

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...

CVE-2022-3212

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...

PT-2022-21101 · Axum-Core +1 · Axum-Core +1

Name of the Vulnerable Software and Affected Versions: axum versions ::from request function not setting a limit for the size of the request body by default. This allows a malicious peer to send a very large or infinite body, potentially causing the server to run out of memory and crash. The...