N8N · N8N · CVE-2026-42233
**Name of the Vulnerable Software and Affected Versions**
n8n versions prior to 1.123.32
n8n versions prior to 2.17.4
n8n versions prior to 2.18.1
**Description**
A flaw in the Oracle Database node's select operation allows user-controlled input passed into the `Limit` field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the `Limit` field, such as from a webhook, an attacker could inject arbitrary SQL to exfiltrate data from the connected Oracle database.
**Recommendations**
Update to version 1.123.32.
Update to version 2.17.4.
Update to version 2.18.1.
As a temporary workaround, avoid passing external input into the `Limit` field of the Oracle Database node.
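Where a workflow cannot avoid taking a row limit from outside (the webhook case in the Description), the value can be checked before it reaches the Oracle Database node, for instance in a Code node placed ahead of it. The following is an added example, not n8n's code or its fix: `parseLimit`, `buildSelectInterpolated`, `buildSelectBound`, `classify`, `MAX_LIMIT`, the `orders` table and the `FETCH FIRST` query shape are assumptions chosen for illustration, and the sample inputs are constructed.

```javascript
// Added example; all function names, MAX_LIMIT and the orders table are hypothetical.
const MAX_LIMIT = 1000; // assumed ceiling; choose one that fits the workflow

// Accept only a plain decimal integer in 1..max; throw on anything else so the
// workflow stops before the value reaches the database node.
function parseLimit(raw, max = MAX_LIMIT) {
  let text;
  if (typeof raw === 'number' && Number.isSafeInteger(raw)) {
    text = String(raw);
  } else if (typeof raw === 'string') {
    text = raw.trim();
  } else {
    throw new TypeError('limit must be an integer or a digit string');
  }
  // Digits only: no sign, inner whitespace, comment markers, exponent or hex forms.
  if (!/^[0-9]{1,9}$/.test(text)) {
    throw new RangeError('limit is not a plain integer');
  }
  const value = Number(text);
  if (value < 1 || value > max) {
    throw new RangeError(`limit must be between 1 and ${max}`);
  }
  return value;
}

// The pattern the advisory describes: the value becomes part of the SQL text,
// so whatever the caller sent is parsed by the database as SQL.
function buildSelectInterpolated(rawLimit) {
  return { sql: `SELECT id, name FROM orders FETCH FIRST ${rawLimit} ROWS ONLY`, binds: {} };
}

// Parameterized shape: the SQL text is constant and the validated integer
// travels separately as a bind value.
function buildSelectBound(rawLimit) {
  return {
    sql: 'SELECT id, name FROM orders FETCH FIRST :lim ROWS ONLY',
    binds: { lim: parseLimit(rawLimit) },
  };
}

// Constructed sample inputs, as a webhook body might deliver them.
function classify(samples = ['25', 25, ' 7 ', '25 -- note', '1e3', '-1', '0', 5000, null]) {
  return samples.map((s) => {
    try { return { input: s, ok: true, limit: parseLimit(s) }; }
    catch (e) { return { input: s, ok: false, reason: e.message }; }
  });
}
```

A check like this narrows what can reach the `Limit` field; it does not replace updating to a fixed version.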