
Commit 94bb1e7

1 parent a6f6011 commit 94bb1e7


4 files changed

+257
-6
lines changed

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4ggg-h7ph-26qr",
4+
"modified": "2026-04-08T19:53:48Z",
5+
"published": "2026-04-08T19:53:48Z",
6+
"aliases": [],
7+
"summary": "n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode",
8+
"details": "## Impact\nAn authenticated Server-Side Request Forgery in `n8n-mcp` allows a caller holding a valid `AUTH_TOKEN` to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the contents of any URL the server can reach — including cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Alibaba, Oracle), internal network services, and any other host the server process has network access to.\n\nThe primary at-risk deployments are multi-tenant HTTP installations where more than one operator can present a valid `AUTH_TOKEN`, or where a token is shared with less-trusted clients. Single-tenant stdio deployments and HTTP deployments without multi-tenant headers are not affected.\n\n## Affected versions\n`n8n-mcp` ≤ `2.47.3` (all versions up to and including 2.47.3).\n\n## Patched versions\n`n8n-mcp` `2.47.4` and later.\n\n## Workarounds\nIf you cannot immediately upgrade:\n1. **Egress filtering at the network layer** — block outbound traffic from the `n8n-mcp` container to RFC1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local `169.254.0.0/16`, and any other internal ranges. This defends against any future SSRF-class issue and is recommended even after upgrading.\n2. **Disable multi-tenant headers** — if your deployment does not require per-request instance switching, unset `ENABLE_MULTI_TENANT` and do not accept `x-n8n-url` / `x-n8n-key` headers at the reverse proxy.\n3. **Restrict `AUTH_TOKEN` distribution** — ensure the bearer token is only held by fully trusted operators until you can upgrade.\n\n## Remediation\nUpgrade to `n8n-mcp` 2.47.4 or later. No configuration changes are required; the fix adds validation at the URL entry points and normalizes URLs at the API client layer.\n\n## Credits\nReported by the Eresus Security Research Team. @ibrahmsql",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "npm",
19+
"name": "n8n-mcp"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "2.47.4"
30+
}
31+
]
32+
}
33+
],
34+
"database_specific": {
35+
"last_known_affected_version_range": "<= 2.47.3"
36+
}
37+
}
38+
],
39+
"references": [
40+
{
41+
"type": "WEB",
42+
"url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-4ggg-h7ph-26qr"
43+
},
44+
{
45+
"type": "WEB",
46+
"url": "https://github.com/czlonkowski/n8n-mcp/commit/d9d847f230923d96e0857ccecf3a4dedcc9b0096"
47+
},
48+
{
49+
"type": "PACKAGE",
50+
"url": "https://github.com/czlonkowski/n8n-mcp"
51+
},
52+
{
53+
"type": "WEB",
54+
"url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.4"
55+
}
56+
],
57+
"database_specific": {
58+
"cwe_ids": [
59+
"CWE-918"
60+
],
61+
"severity": "HIGH",
62+
"github_reviewed": true,
63+
"github_reviewed_at": "2026-04-08T19:53:48Z",
64+
"nvd_published_at": null
65+
}
66+
}
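Review bot: the egress-filtering workaround in `details` (item 1) lists only IPv4 ranges (RFC1918 and `169.254.0.0/16`); on dual-stack hosts the filter also has to cover the IPv6 equivalents (link-local `fe80::/10`, unique-local `fc00::/7`, and the IPv6 metadata address where the cloud provider publishes one), otherwise internal services reachable over IPv6 remain in scope of the SSRF. Suggest adding those ranges to the workaround text. Separately, `aliases` is empty and `nvd_published_at` is null, so this record needs a follow-up edit once a CVE is assigned.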
Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,63 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hwr4-mq23-wcv5",
4+
"modified": "2026-04-08T19:53:20Z",
5+
"published": "2026-04-08T19:53:20Z",
6+
"aliases": [],
7+
"summary": "mercure has Topic Selector Cache Key Collision",
8+
"details": "### Impact\n\nA cache key collision vulnerability in `TopicSelectorStore` allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones.\n\nThe cache key was constructed by concatenating the topic selector and topic with an underscore separator:\n\n```go\nk = \"m_\" + topicSelector + \"_\" + topic\n```\n\nBecause both topic selectors and topics can contain underscores, two distinct pairs can produce the same key:\n\n```\nselector=\"foo_bar\" topic=\"baz\" → key: \"m_foo_bar_baz\"\nselector=\"foo\" topic=\"bar_baz\" → key: \"m_foo_bar_baz\"\n```\n\nAn attacker who can subscribe to the hub or publish updates with crafted topic names can exploit this to bypass authorization checks on private updates.\n\n### Patches\n\nThe vulnerability is fixed by replacing string-encoded cache keys with typed Go struct keys that are inherently collision-free:\n\n```go\ntype matchCacheKey struct {\n topicSelector string\n topic string\n}\n```\n\nThe internal `TopicSelectorStoreCache` interface and sharded cache abstraction have also been removed in favor of a single typed otter cache.\n\nUsers should upgrade to version **0.22.0** or later.\n\n### Workarounds\n\nDisable the topic selector cache by setting `topic_selector_cache` to `-1` in the Caddyfile, or by passing a cache size of `0` when using the library directly. This eliminates the vulnerability at the cost of reduced performance.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V4",
12+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "Go",
19+
"name": "github.com/dunglas/mercure"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "0.22.0"
30+
}
31+
]
32+
}
33+
]
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://github.com/dunglas/mercure/security/advisories/GHSA-hwr4-mq23-wcv5"
40+
},
41+
{
42+
"type": "WEB",
43+
"url": "https://github.com/dunglas/mercure/commit/4964a69be904fd61e35b5f1e691271663b6fdd64"
44+
},
45+
{
46+
"type": "PACKAGE",
47+
"url": "https://github.com/dunglas/mercure"
48+
},
49+
{
50+
"type": "WEB",
51+
"url": "https://github.com/dunglas/mercure/releases/tag/v0.22.0"
52+
}
53+
],
54+
"database_specific": {
55+
"cwe_ids": [
56+
"CWE-1289"
57+
],
58+
"severity": "HIGH",
59+
"github_reviewed": true,
60+
"github_reviewed_at": "2026-04-08T19:53:20Z",
61+
"nvd_published_at": null
62+
}
63+
}
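Review bot: `details` never states the affected range explicitly; readers have to infer "all versions before 0.22.0" from the `introduced: "0"` / `fixed: "0.22.0"` events. Suggest adding an `### Affected versions` line under Impact, matching the structure the n8n-mcp advisory in this same commit uses, so the text and the `affected` block agree without the reader cross-checking. The workaround is clear as written (`topic_selector_cache` set to `-1` in the Caddyfile, cache size `0` for library users), but it would help to say that this is safe to apply before upgrading precisely because the collision lives only in the cache key, so an uncached match cannot be poisoned.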

advisories/unreviewed/2026/04/GHSA-wpwf-v25w-54g3/GHSA-wpwf-v25w-54g3.json renamed to advisories/github-reviewed/2026/04/GHSA-wpwf-v25w-54g3/GHSA-wpwf-v25w-54g3.json

Lines changed: 27 additions & 6 deletions
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-wpwf-v25w-54g3",
4-
"modified": "2026-04-07T21:32:40Z",
4+
"modified": "2026-04-08T19:52:44Z",
55
"published": "2026-04-07T21:32:40Z",
66
"aliases": [
77
"CVE-2026-5739"
88
],
9+
"summary": "PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection",
910
"details": "A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "Maven",
25+
"name": "tech.powerjob:powerjob-server-starter"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "5.1.0"
33+
},
34+
{
35+
"last_affected": "5.1.2"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
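Review bot: the new `affected` range closes with `last_affected: "5.1.2"` rather than a `fixed` event. Under OSV semantics that means 5.1.2 is the latest version known to be affected, not that later releases are safe, which is consistent with `details` saying the project has not responded; the record has to be revisited with a `fixed` event once a patched release exists, and consumers matching against this data should treat versions after 5.1.2 as unverified rather than clean. The shortened CVSS v4 vector (the `:X` not-defined modifiers dropped) is equivalent to the previous one, so the score does not change.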
@@ -28,7 +49,7 @@
2849
"url": "https://github.com/PowerJob/PowerJob/issues/1168"
2950
},
3051
{
31-
"type": "WEB",
52+
"type": "PACKAGE",
3253
"url": "https://github.com/PowerJob/PowerJob"
3354
},
3455
{
@@ -49,8 +70,8 @@
4970
"CWE-74"
5071
],
5172
"severity": "MODERATE",
52-
"github_reviewed": false,
53-
"github_reviewed_at": null,
73+
"github_reviewed": true,
74+
"github_reviewed_at": "2026-04-08T19:52:44Z",
5475
"nvd_published_at": "2026-04-07T20:16:34Z"
5576
}
5677
}
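Review bot: `cwe_ids` carries only CWE-74 (generic injection), but `details` describes Groovy code injection through `GroovyEvaluator.evaluate`, for which CWE-94 (Improper Control of Generation of Code) is the more specific classification. Suggest adding CWE-94 alongside, or in place of, CWE-74 so downstream tooling groups this with other code-injection advisories; the flip of `github_reviewed` to `true` is otherwise consistent with the new `github_reviewed_at` timestamp.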
Lines changed: 101 additions & 0 deletions
@@ -0,0 +1,101 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xrw6-gwf8-vvr9",
4+
"modified": "2026-04-08T19:52:58Z",
5+
"published": "2026-04-08T19:52:58Z",
6+
"aliases": [],
7+
"summary": "Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service",
8+
"details": "Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext.\n\n### Patches\n\nThe vulnerabilities are fixed in version 0.92.0.\nFor Tmds.DBus.Protocol, the fixes are also backported to 0.21.3.\n\n### Workarounds\n\nThere are no known workarounds. Users should upgrade to a patched version.",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "NuGet",
19+
"name": "Tmds.DBus"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "0.92.0"
30+
}
31+
]
32+
}
33+
]
34+
},
35+
{
36+
"package": {
37+
"ecosystem": "NuGet",
38+
"name": "Tmds.DBus.Protocol"
39+
},
40+
"ranges": [
41+
{
42+
"type": "ECOSYSTEM",
43+
"events": [
44+
{
45+
"introduced": "0"
46+
},
47+
{
48+
"fixed": "0.21.3"
49+
}
50+
]
51+
}
52+
]
53+
},
54+
{
55+
"package": {
56+
"ecosystem": "NuGet",
57+
"name": "Tmds.DBus.Protocol"
58+
},
59+
"ranges": [
60+
{
61+
"type": "ECOSYSTEM",
62+
"events": [
63+
{
64+
"introduced": "0.22.0"
65+
},
66+
{
67+
"fixed": "0.92.0"
68+
}
69+
]
70+
}
71+
]
72+
}
73+
],
74+
"references": [
75+
{
76+
"type": "WEB",
77+
"url": "https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9"
78+
},
79+
{
80+
"type": "PACKAGE",
81+
"url": "https://github.com/tmds/Tmds.DBus"
82+
},
83+
{
84+
"type": "WEB",
85+
"url": "https://github.com/tmds/Tmds.DBus/releases/tag/rel%2F0.21.3"
86+
},
87+
{
88+
"type": "WEB",
89+
"url": "https://github.com/tmds/Tmds.DBus/releases/tag/rel%2F0.92.0"
90+
}
91+
],
92+
"database_specific": {
93+
"cwe_ids": [
94+
"CWE-400"
95+
],
96+
"severity": "HIGH",
97+
"github_reviewed": true,
98+
"github_reviewed_at": "2026-04-08T19:52:58Z",
99+
"nvd_published_at": null
100+
}
101+
}
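Review bot: `cwe_ids` lists only CWE-400, which covers the file-descriptor exhaustion, but `details` describes three distinct issues: signal spoofing by impersonating the owner of a well-known name (CWE-290, Authentication Bypass by Spoofing), the fd exhaustion, and a crash from unhandled exceptions on malformed message bodies (CWE-248, Uncaught Exception). Suggest adding CWE-290 and CWE-248 so the record reflects all three. The three `affected` entries are correct as written: the two `Tmds.DBus.Protocol` ranges (`0` up to `0.21.3`, and `0.22.0` up to `0.92.0`) leave the backported `0.21.3` release clean while still flagging the `0.22.0` line until `0.92.0`, which matches the backport note in `details`.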
