n8n
cpe:2.3:a:n8n:n8n:*:*:*:*:node.js:*:*
- < 1.123.32
- < 2.17.4
- < 2.18.1
A SQL injection vulnerability has been identified in the SeaTable node of n8n, an open-source workflow automation platform. This issue affects versions prior to 1.123.32, 2.17.4, and 2.18.1. The vulnerability arises in the 'row:search' and 'row:get' operations, where user-controlled input can be directly concatenated into SQL query strings without proper escaping or parameterization. As a result, an attacker could manipulate the SQL query to retrieve unintended rows from the connected SeaTable base, bypassing any row-level filtering applied in the workflow. Exploitation requires that external user input be passed through expressions into the SeaTable node's search or row retrieval parameters.
Successful exploitation lets an attacker alter the SQL query the node sends to SeaTable and thereby access, or potentially modify, data beyond what the workflow intends. In this case, it can be used to bypass row-level filtering applied in the workflow and retrieve unintended rows from the connected base.
Users can upgrade to n8n versions 1.123.32, 2.17.4, or 2.18.1 to address this vulnerability. If an immediate upgrade is not possible, consider limiting workflow permissions to trusted users, disabling the SeaTable node by excluding it in the 'NODES_EXCLUDE' environment variable, or avoiding the use of unvalidated external input in SeaTable node parameters.
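The following is an added illustration of the defect class described above (a search value concatenated straight into a SeaTable SQL string) next to a hardened builder that quotes the value and restricts column names to an allowlist. It is not n8n's or SeaTable's code; the table and column names, the backtick identifier quoting and the doubled-single-quote literal escaping are assumptions about the SQL dialect.

```javascript
// Constructed example: how a search term reaches the query text in a naive
// builder versus a hardened one. Table/column names and quoting rules are
// assumptions, not taken from the n8n SeaTable node.

// Quote an identifier after checking it against an allowlist of columns the
// workflow is permitted to search. Assumption: backticks delimit identifiers.
function quoteIdentifier(name, allowedColumns) {
  if (!allowedColumns.includes(name)) {
    throw new Error(`column not permitted for search: ${name}`);
  }
  return "`" + name.replace(/`/g, "``") + "`";
}

// Quote a string literal by doubling embedded single quotes, so a value can
// never terminate the literal early. Assumption: SQL-standard '' escaping.
function quoteLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Vulnerable shape: the user-controlled term is pasted into the WHERE clause.
// A term containing a single quote changes the structure of the query.
function buildSearchQueryNaive(table, column, term) {
  return `SELECT * FROM ${table} WHERE ${column} = '${term}'`;
}

// Hardened shape: the column comes from an allowlist and the term is always
// emitted as one string literal, whatever characters it contains.
function buildSearchQuerySafe(table, column, term, allowedColumns) {
  const col = quoteIdentifier(column, allowedColumns);
  return `SELECT * FROM ${quoteIdentifier(table, [table])} WHERE ${col} = ${quoteLiteral(term)}`;
}

// Defender-side check: count the single-quoted literals in the WHERE clause.
// A search for one value should yield exactly one literal; more than one
// means the input was able to escape the string and inject SQL.
function countLiterals(sql) {
  const where = sql.slice(sql.indexOf(" WHERE ") + 7);
  const matches = where.match(/'(?:[^']|'')*'/g);
  return matches ? matches.length : 0;
}

// Constructed sample input: a term containing a quote, as an attacker or a
// careless upstream system might supply it via an n8n expression.
const sampleTerm = "Alice' OR '1'='1";
const allowed = ["Name", "Email"];
console.log(buildSearchQueryNaive("Contacts", "Name", sampleTerm));
console.log(buildSearchQuerySafe("Contacts", "Name", sampleTerm, allowed));
```

Running the block prints the two generated queries; in the naive one the WHERE clause has become a tautology, while the hardened one still compares `Name` against a single literal.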