Nnfrog

Rank #7983 of 53,624 · Total CVSS 34.4 · Vulnerabilities: 5 (Critical 1, High 2, Medium 2)
PT-2025-6115 · CVSS 4.0 · 2025-01-23 · Unknown · Activitypub Federation · CVE-2025-25194
**Name of the Vulnerable Software and Affected Versions** Lemmy versions 0.19.8 and prior; activitypub federation versions 0.6.2 and prior

**Description** The vulnerability allows a user to bypass the predefined hard-coded URL path and the anti-localhost security mechanism and perform an arbitrary GET request to any host, port and URL through a Webfinger request. This is due to insufficient validation of requests on the server side. An adversary can manipulate the Webfinger hard-coded URL, gaining full control over the GET request's domain, path and port by submitting malicious input. The estimated number of potentially affected devices worldwide is not specified.

The Webfinger endpoint takes a remote domain for checking accounts as a feature. However, the library attempts to prevent localhost access using a mechanism that can be bypassed. There are multiple issues with the current anti-localhost implementation: the domain supplied by the user is not resolved, the localhost check uses a simple string comparison, and only localhost domains are filtered, without regard for alternative local IP addresses or other sensitive domains. An adversary can cause unwanted behaviour using multiple techniques, including gaining control over the query's path, bypassing the domain restriction through DNS resolution, and bypassing the domain restriction using official Fully Qualified Domain Names (FQDNs).

**Recommendations** For Lemmy versions 0.19.8 and prior, modify the domain validation mechanism to resolve the domain and verify that it does not resolve to any disallowed IP address. Filter the user's input for any characters that should not be present in a domain name. Check that the intended request path and port are the ones actually used. Disable automatic HTTP redirect following in the HTTP client. For activitypub federation versions 0.6.2 and prior, apply the same modifications to prevent Server-Side Request Forgery via Webfinger request. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-4859 · CVSS 5.4 · 2025-01-20 · Fedify · Fedify · CVE-2025-23221
**Name of the Vulnerable Software and Affected Versions** Fedify versions prior to 1.0.14; Fedify versions prior to 1.1.11; Fedify versions prior to 1.2.11; Fedify versions prior to 1.3.4

**Description** This issue allows a user to manipulate the Webfinger mechanism, performing a GET request to any internal resource on any Host, Port, URL combination, regardless of present security mechanisms. This can force the victim's server into an infinite loop, causing Denial of Service. Additionally, it can be manipulated to perform a Blind SSRF attack. The `lookupWebFinger` function is vulnerable, and the `getActorHandle` function is a wrapper for the vulnerable `lookupWebFinger` function. The custom redirect implementation in the `lookupWebFingerInternal` function contains issues, including an endless redirect loop and the possibility of a Blind SSRF attack to any URL with arbitrary Host, Port, and Path.

**Recommendations** For Fedify versions prior to 1.0.14, update to version 1.0.14 or later. For Fedify versions prior to 1.1.11, update to version 1.1.11 or later. For Fedify versions prior to 1.2.11, update to version 1.2.11 or later. For Fedify versions prior to 1.3.4, update to version 1.3.4 or later. As a temporary workaround, consider disabling the `lookupWebFinger` function until a patch is available. Restrict access to the vulnerable `getActorHandle` function to minimize the risk of exploitation. Avoid using the `actorId` parameter in the affected API endpoint until the issue is resolved.
PT-2024-19413 · CVSS 7.5 · 2024-01-18 · Unknown · Anything-Llm · CVE-2024-22422
**Name of the Vulnerable Software and Affected Versions** AnythingLLM versions prior to commit 08d33cfd8

**Description** AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8, an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The "data-export" endpoint is used to export files using the `filename` parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it, the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet.

**Recommendations** For AnythingLLM versions prior to commit 08d33cfd8, users are advised to upgrade to a version that includes the fix, as committed in 08d33cfd8. As a temporary workaround, consider disabling the "data-export" endpoint until a patch is available. Restrict access to the endpoint to minimize the risk of exploitation. Avoid using the `filename` parameter in the affected API endpoint until the issue is resolved.