A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances.
Npm again.
I mean, that's like saying that software on Android contains vulnerabilities because of the Play Store. n8n itself is a full application that someone's developed, not just a library. n8n being a brand new 'powerful automation' platform is something you'd not want to publish online.
Further to this, as no-one ever seems to read the fucking CVE (in general and not aimed at you) - exploiting requires an authenticated account! "Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime." This is what you get in a rapidly developed piece of software that has access to low-level APIs.