Miggo Logo
Miggo Vulnerability Database
CVE-2023-27562

CVE-2023-27562:
n8n Directory Traversal vulnerability

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-27562
GHSA ID
GHSA-p58x-7733-vp9m
EPSS Score
0.77122%
CWE
CWE-22
Published
5/10/2023
Updated
11/27/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
n8nnpm< 0.216.10.216.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper path sanitization in BinaryDataManager. The pre-patch versions used path.join() with user-controlled input (identifier parameter) without validation(). The commit introduced resolveStoragePath() to check for path traversal attempts. The getBinaryPath and getMetadataPath functions were directly vulnerable as they handled user-supplied identifiers and constructed file paths without preventing directory traversal sequences. The high confidence comes from the explicit path traversal checks added in the patch and CWE-22 mapping in the advisory.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** n*n p**k*** prior to v*rsion *.***.* *or No**.js *llows *ir**tory Tr*v*rs*l.

Reasoning

T** vuln*r**ility st*mm** *rom improp*r p*t* s*nitiz*tion in `*in*ry**t*M*n***r`. T** pr*-p*t** v*rsions us** `p*t*.join()` wit* us*r-*ontroll** input (i**nti*i*r p*r*m*t*r) wit*out `v*li**tion()`. T** *ommit intro*u*** `r*solv*Stor***P*t*()` to ****