GHSA-pr9r-gxgp-9rm8

Source
https://github.com/advisories/GHSA-pr9r-gxgp-9rm8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-pr9r-gxgp-9rm8/GHSA-pr9r-gxgp-9rm8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pr9r-gxgp-9rm8
Aliases
Published
2025-07-03T14:06:01Z
Modified
2025-07-03T16:20:44Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
Details

Summary

A denial of service vulnerability in the /rest/binary-data endpoint when it processes an empty filesystem URI (filesystem:// or filesystem-v2:// with nothing after the scheme).

Impact

This is a Denial of Service (DoS) vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI requests. The vulnerability affects:

  • The /rest/binary-data endpoint
  • n8n.cloud instances (confirmed HTTP/2 524 timeout responses)

An attacker can trigger it by sending GET requests with an empty filesystem URI (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption.

Patches

The issue has been patched in 1.99.0. All users should upgrade to this version or later.

The fix introduces strict checking of the URI pattern before the binary-data request is processed.

Patch (pull request): https://github.com/n8n-io/n8n/pull/16229
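The following is an added illustration of the kind of strict URI check the advisory describes; it is not n8n's code and does not reproduce the actual patch. The scheme names come from the advisory, but the identifier format, the function names (parseBinaryDataUri, lenientParse, handleBinaryDataRequest) and the request/response shapes are assumptions made for the example. It contrasts a lenient parse that accepts an empty identifier after the scheme with a strict allow-list pattern that rejects such requests before any storage lookup happens.

```javascript
// Added example, not n8n's code. Demonstrates strict validation of a
// filesystem:// or filesystem-v2:// binary-data URI. Identifier format,
// function names and request/response shapes are hypothetical.

// Schemes named in the advisory.
const ALLOWED_SCHEMES = ['filesystem', 'filesystem-v2'];

// Strict pattern (assumed identifier format): scheme, "://", then a
// non-empty identifier of safe characters. An empty identifier, a
// path separator, ".." or any other character fails the match.
const STRICT_URI = /^(filesystem|filesystem-v2):\/\/([A-Za-z0-9][A-Za-z0-9_-]{0,127})$/;

// Upper bound on the raw string so a huge parameter is rejected cheaply.
const MAX_URI_LENGTH = 256;

// Strict parser: returns { scheme, fileId } or null.
function parseBinaryDataUri(uri) {
  if (typeof uri !== 'string' || uri.length === 0 || uri.length > MAX_URI_LENGTH) {
    return null;
  }
  const match = STRICT_URI.exec(uri);
  if (match === null) return null;
  return { scheme: match[1], fileId: match[2] };
}

// Lenient parser, shown only to illustrate what the strict check prevents:
// it splits on "://" and happily returns an empty fileId for "filesystem://".
function lenientParse(uri) {
  const idx = uri.indexOf('://');
  if (idx === -1) return null;
  const scheme = uri.slice(0, idx);
  if (!ALLOWED_SCHEMES.includes(scheme)) return null;
  return { scheme, fileId: uri.slice(idx + 3) }; // fileId may be ""
}

// Hypothetical request handler: validate first, touch storage only after.
// `lookup` is an injected function (fileId -> data) so the example runs
// offline; a real handler would read from the binary-data store.
function handleBinaryDataRequest(query, lookup = () => null) {
  const parsed = parseBinaryDataUri(query.id);
  if (parsed === null) {
    // Reject before any filesystem work is attempted.
    return { status: 400, body: 'invalid binary-data id' };
  }
  const data = lookup(parsed.fileId);
  if (data === null) return { status: 404, body: 'not found' };
  return { status: 200, body: data };
}

// Constructed sample inputs: the two empty URIs from the advisory, a
// well-formed one, and a couple of other malformed shapes.
const SAMPLE_IDS = [
  'filesystem://',
  'filesystem-v2://',
  'filesystem-v2://abc123',
  'filesystem://../etc',
  'http://example.invalid/x',
];

function demo() {
  const store = { abc123: 'binary-bytes-here' };
  return SAMPLE_IDS.map((id) => ({
    id,
    lenient: lenientParse(id),
    strict: parseBinaryDataUri(id),
    response: handleBinaryDataRequest({ id }, (fileId) =>
      Object.prototype.hasOwnProperty.call(store, fileId) ? store[fileId] : null,
    ).status,
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of demo()) console.log(JSON.stringify(row));
}

module.exports = { parseBinaryDataUri, lenientParse, handleBinaryDataRequest, demo };
```

The point of the contrast is where the rejection happens: the lenient parser accepts `filesystem://` and hands an empty identifier to whatever does the storage lookup, while the strict parser returns null and the handler answers 400 without touching storage at all.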

Database specific
{
    "github_reviewed_at": "2025-07-03T14:06:01Z",
    "github_reviewed": true,
    "nvd_published_at": "2025-07-03T13:15:28Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE"
}
References

Affected packages

npm / n8n

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.99.0