CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| n8n | npm | < 0.216.1 | 0.216.1 |
The vulnerability stemmed from improper path sanitization in BinaryDataManager. The pre-patch versions passed user-controlled input (the identifier parameter) to path.join() without validation. The commit introduced resolveStoragePath() to check for path traversal attempts. The getBinaryPath and getMetadataPath functions were directly vulnerable, as they handled user-supplied identifiers and constructed file paths without preventing directory traversal sequences. The high confidence comes from the explicit path traversal checks added in the patch and the CWE-22 mapping in the advisory.