CRITICAL

GHSA-wrwr-h859-xh2r

n8n Has an XML Node Prototype Pollution Patch Bypass

Details

## Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host.

## Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

--- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / n8n

Introduced in: 0 Fixed in: 1.123.43

Fix npm install n8n@1.123.43

npm / n8n

Introduced in: 2.21.0 Fixed in: 2.22.1

Fix npm install n8n@2.22.1

npm / n8n

Introduced in: 2.0.0-rc.0 Fixed in: 2.20.7

Fix npm install n8n@2.20.7

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r [WEB]
https://github.com/advisories/GHSA-hqr4-h3xv-9m3r [ADVISORY]
https://github.com/n8n-io/n8n [PACKAGE]