Espanda666

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 1.123.33 n8n versions prior to 2.17.5 **Description** An issue in the 'dynamic-node-parameters' endpoints allows an authenticated user with access to a shared workflow to supply a foreign credential ID in the request body. Because the system fails to verify if the caller is authorized to use the supplied credential reference, the backend decrypts and uses that credential in a helper execution path where the caller also controls the destination URL. This enables the caller to force the backend to authenticate against attacker-controlled infrastructure using a credential belonging to another user, leading to the exfiltration of reusable API keys. This issue affects any node that resolves credentials dynamically through these endpoints. **Recommendations** Update to version 1.123.33 or newer. Update to version 2.17.5 or newer.

**Name of the Vulnerable Software and Affected Versions** Flowise versions prior to 3.1.0 **Description** Multiple tool implementations bypass the centralized HTTP security wrapper (`httpSecurity.ts`), which is designed to provide Server-Side Request Forgery (SSRF) protections through deny-list validation, IP resolution validation, IP pinning, and loopback blocking. Instead of using this secured wrapper, certain tools directly import and invoke raw HTTP clients such as `node-fetch` and `axios`. This architectural failure allows outbound requests to be executed without validation, enabling access to internal network resources and the potential theft of cloud metadata and credentials. The affected components include `OpenAPIToolkit.ts`, `WebScraperTool.ts`, `MCP/core.ts`, and `Arxiv/core.ts`. **Recommendations** Update to version 3.1.0. As a temporary workaround, restrict access to the `OpenAPIToolkit`, `WebScraperTool`, `MCP`, and `Arxiv` tools to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RAGFlow versions prior to 0.23.1 **Description** RAGFlow, an open-source RAG (Retrieval-Augmented Generation) engine, is affected by a "Zip Slip" issue in the MinerU parser. This allows an attacker to overwrite arbitrary files on the server, potentially leading to Remote Code Execution (RCE) through a malicious ZIP archive. The vulnerability resides in the ` extract zip no root` function, which fails to sanitize filenames within the ZIP archive. Approximately 3,000 instances are reportedly exposed. The vulnerability is present in version 0.23.1 and potentially earlier versions. The MinerUParser class retrieves and extracts ZIP files from an external source using the `mineru server url`. **Recommendations** Versions prior to 0.23.1 should be updated to version 0.23.1 or later.