VDB
KO
HIGH

GHSA-mhrx-qhrj-673w

n8n Has a Source Control Pull SQL Injection

Details

## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance.

Exploitation requires all of the following conditions: - The n8n instance uses PostgreSQL as its database backend. - The Source Control feature is enabled and connected to a repository the attacker can write to. - An administrator triggers a Source Control Pull.

## Patches The issue has been fixed in n8n version 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to this version or later to remediate the vulnerability.

## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Disable the Source Control feature if it is not actively required. - Restrict write access to the connected git repository to fully trusted users only. - Avoid pulling from repositories that may have been modified by untrusted parties.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / n8n
Introduced in: 0 Fixed in: 1.123.43
Fix npm install n8n@1.123.43
npm / n8n
Introduced in: 2.21.0 Fixed in: 2.21.1
Fix npm install n8n@2.21.1
npm / n8n
Introduced in: 2.0.0-rc.0 Fixed in: 2.20.7
Fix npm install n8n@2.20.7

References