GHSA-MQPR-49JJ-32RC n8n: Webhook Forgery on Github Webhook Trigger
Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...