Sm1Ee

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 **Description** A flaw in the SeaTable node's 'row:search' and 'row:get' operations allows user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic. **Recommendations** Update to version 1.123.32. Update to version 2.17.4. Update to version 2.18.1.

Name of the Vulnerable Software and Affected Versions Rack::Session versions 2.0.0 through 2.1.1 Description Rack::Session is a session management implementation for Rack. Versions 2.0.0 through 2.1.1 incorrectly handle decryption failures when configured with secrets. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted as valid session data without knowledge of any configured secret. An attacker can manipulate session contents and potentially gain unauthorized access. Recommendations Update Rack::Session to version 2.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Traefik versions prior to 2.11.38 and 3.6.9 **Description** Traefik, an HTTP reverse proxy and load balancer, has a potential issue in how it manages responses from the ForwardAuth middleware. When configured to use ForwardAuth, the response body from the authentication server is read entirely into memory without any size limit. The absence of a `maxResponseBodySize` configuration allows an attacker to send an unexpectedly large or unbounded response body, potentially causing Traefik to allocate unlimited memory and crash due to an out-of-memory (OOM) condition. This results in a denial of service for all routes served by the affected Traefik instance. A proof-of-concept demonstrates that a malicious authentication server can cause Traefik to allocate gigabytes of memory, leading to a complete service outage. **Recommendations** Traefik versions prior to 2.11.38 must be updated. Traefik versions prior to 3.6.9 must be updated.