Latest News

### Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event `type`, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. ### Patches The issue has been fixed in n8n version 2.2.2. Users should upgrade to thi...

### Summary Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresses (e.g., localhost, private RFC1918 ranges, or link-local metadata endpoints). Requesting the resulting `/proxy/...` URL makes Miniflux fetch and return the internal response. ### Details - **Vulnerable route**: `GET /proxy/{encodedDigest}/{encodedURL}` (accessible without authentication, but requires a server-generated HMAC-signed URL) - **Handler**: `internal/ui/proxy.go` (`(*handler).mediaProxy`) - **Trigger**: entry content is rewritten to proxy media URLs (e.g., `mediaproxy.RewriteDocumentWithAbsoluteProxyURL(...)`), producing signed `/proxy/...` URLs. - **Root cause**: the proxy validates the URL scheme and HMAC signature, but does not restrict target hosts/IPs. As a result...

### Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. ### Patches The issue has been fixed in n8n version 1.121.0. Users should upgrade to this version or later to remediate the vulnerability. ### Workarounds No official workarounds are available. As a temporary mitigation, users may restrict or disable publicly accessible webhook and form endpoints until upgrading.

### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.6.2/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. However, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client (high C...

# pnpm v10+ Git Dependency Script Execution Bypass ### Summary A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during `pnpm install`, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks `postinstall` scripts via the `onlyBuiltDependencies` mechanism, git dependencies can still execute `prepare`, `prepublish`, and `prepack` scripts during the fetch phase, enabling remote code execution without user consent or approval. ### Details pnpm v10 introduced a security feature to disable dependency lifecycle scripts by default ([PR #8897](https://github.com/pnpm/pnpm/pull/8897)). This is implemented by setting `onlyBuiltDependencies = []` when no build policy is configured: **File:** `pkg-manager/core/src/install/extendInstallOptions.ts` (lines 290-291) ```typescript if (opts.neverBuiltDependencies == null && opts.onlyBuiltDependencies == null && opts.onlyBuiltDepend...

### Summary HTTP tarball dependencies (and git-hosted tarballs) are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. ### Details When a package depends on an HTTP tarball URL, pnpm's tarball resolver returns only the URL without computing an integrity hash: `resolving/tarball-resolver/src/index.ts`: ```javascript return { resolution: { tarball: resolvedUrl, // No integrity field }, resolvedVia: 'url', } ``` The resulting lockfile entry has no integrity to verify: ```yaml remote-dynamic-dependency@http://example.com/pkg.tgz: resolution: {tarball: http://example.com/pkg.tgz} version: 1.0.0 ``` Since there is no integrity hash, pnpm cannot detect when the server returns different content. This affects: - HTTP/HTTPS tarball URLs (`"pkg": "https://example.com/pkg.tgz"`) - Git shorthand dependencies (`"pkg": "github:user/repo"`) - Git URLs (`"pkg": "git+https...

## Summary A command injection vulnerability exists in pnpm when using environment variable substitution in `.npmrc` configuration files with `tokenHelper` settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments. ## Affected Components - **Package**: pnpm - **Versions**: All versions using `@pnpm/config.env-replace` and `loadToken` functionality - **File**: `pnpm/network/auth-header/src/getAuthHeadersFromConfig.ts` - `loadToken()` function - **File**: `pnpm/config/config/src/readLocalConfig.ts` - `.npmrc` environment variable substitution ## Technical Details ### Vulnerability Chain 1. **Environment Variable Substitution** - `.npmrc` supports `${VAR}` syntax - Substitution occurs in `readLocalConfig()` 2. **loadToken Execution** - Uses `spawnSync(helperPath, { shell: true })` - Only validates absolute path existence 3. **Attack Flow** ``` .npmrc: registry.npmjs.org/:tokenHelpe...

### Summary A malformed gRPC `GetMetrics` request causes `get_metrics` to `unwrap()` failed deserialization of `metric_type`/`opts`, panicking the handler thread and enabling remote denial of service of the metrics endpoint. ### Details - Vulnerable code: `rustfs/src/storage/tonic_service.rs:1775-1782`: - `MetricType` and `CollectMetricsOpts` are deserialized with `Deserialize::deserialize(...).unwrap()` from client-supplied bytes. - Malformed `metric_type`/`opts` (e.g., empty or truncated rmp-serde payloads) trigger `InvalidMarkerRead` and panic. - Reachability: same TCP listener as S3 (default `:9000`); only a static interceptor token `authorization: rustfs rpc` is checked in `server/http.rs:677`. - Impact scope: panic terminates the worker handling the request, causing metrics service interruption and potential process instability. ### PoC [rustfs-grpc-metrics-invalid-metric-type-panic-poc.tar.gz](https://github.com/user-attachments/files/24038341/rustfs-grpc-metrics-invalid-...

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files.

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.