n8n Git Node Path Traversal Vulnerability
A security vulnerability in the Git node allowed authenticated users with workflow creation/modification permissions to bypass the N8N_RESTRICT_FILE_ACCESS_TO s
What changed
A security vulnerability in the Git node allowed authenticated users with workflow creation/modification permissions to bypass the N8N_RESTRICT_FILE_ACCESS_TO sandbox by supplying local filesystem paths as source/target repositories, enabling unauthorized reading of local git repositories.
Who it affects
n8n instances where authenticated users have permission to create or modify workflows, and where the Git node is enabled.
What to do today
Upgrade n8n to version 1.123.48, 2.21.8, or 2.22.4. If immediate upgrade is not possible, restrict workflow creation/edit permissions to trusted users and disable the Git node via NODES_EXCLUDE.