n8n Python Task Executor Sandbox Escape Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in n8n's Python task executor that allows authenticated users with basic permissions to bypass sandbox restrictions and execute arbitrary Python code on the underlying operating system. This issue arises from improper exception handling and string formatting, which can be exploited through the Code block. The vulnerability has different impacts depending on the execution mode: it can lead to a complete takeover of the n8n instance in 'Internal' mode, while in 'External' mode (such as when using n8n's official Docker image), the arbitrary code execution occurs within a Sidecar container, limiting the impact.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the host operating system. In 'Internal' execution mode, this could lead to a full takeover of the n8n instance. However, in 'External' mode, the code execution is confined to a Sidecar container, which significantly reduces the potential impact.

Reproduction

To reproduce this vulnerability, an authenticated user with basic permissions can create a 'Python (Native)' Code block in n8n. The vulnerability can be exploited by using a crafted string that manipulates exception handling to access and execute arbitrary code. For example, the exploitation involves raising an exception, capturing its traceback, and using it to access Python's built-in functions, such as importing modules like 'os' to execute commands on the host system.

Remediation

Users should update to n8n version 2.3.6 or 2.4.3, or any later release, in which this vulnerability has been fixed.
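As an added example (not part of this advisory), a small Python triage helper that applies the fixed-version rule above to an instance inventory: it keeps the two fixed branches apart, so 2.4.0 to 2.4.2 count as unfixed even though they are newer than 2.3.6, and ranks unpatched instances by the execution mode the advisory distinguishes. The inventory and host names are constructed, and treating every version short of a fix as unfixed is an assumption, since the advisory does not state the earliest affected release.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases stated in the advisory. The advisory does not name the earliest
# affected release, so (assumption) anything short of a fix is reported as "not fixed".
FIXED_2_3 = (2, 3, 6, 1)
FIXED_2_4 = (2, 4, 3, 1)
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")

def parse_version(text: str) -> Tuple[int, int, int, int]:
    # (major, minor, patch, is_release): 2.4.3-rc.1 sorts below the final 2.4.3,
    # and "+build" metadata is ignored, as in semver.
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch, pre, _build = m.groups()
    return int(major), int(minor), int(patch), 0 if pre else 1

def is_fixed(version: str) -> bool:
    # 2.3.6 and later on the 2.3 branch; 2.4.3 and later everywhere else,
    # so 2.4.0-2.4.2 are NOT fixed even though they are newer than 2.3.6.
    v = parse_version(version)
    if v[:2] == (2, 3):
        return v >= FIXED_2_3
    return v >= FIXED_2_4

def triage(inventory: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    # Report every instance lacking the fix, 'internal' task-runner mode first,
    # since there the code runs on the n8n host rather than in a sidecar container.
    findings = []
    for name, (version, mode) in inventory.items():
        if is_fixed(version):
            continue
        if mode.lower() == "internal":
            note = "internal mode: code runs on the n8n host, full takeover possible, patch first"
        else:
            note = "external mode: code execution confined to the sidecar container"
        findings.append((name, version, note))
    findings.sort(key=lambda f: 0 if f[2].startswith("internal") else 1)
    return findings

# Constructed sample inventory (not real hosts): name -> (version, task-runner mode)
SAMPLE_INVENTORY = {
    "n8n-prod-a": ("2.4.2", "external"),
    "n8n-prod-b": ("2.3.5", "internal"),
    "n8n-staging": ("2.4.3-rc.1", "internal"),
    "n8n-dev": ("2.3.6", "internal"),
    "n8n-new": ("v2.5.0+build7", "external"),
}
```

Calling `triage(SAMPLE_INVENTORY)` lists the three unpatched instances with the two internal-mode hosts first.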

Added: Jan 18, 2026, 4:20 PM
Updated: Jan 18, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 10.0
exploitability: 6.2
remediation: 7.7
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.