🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

Three critical vulnerabilities (all rated 9.9+) were discovered in n8n, a workflow automation platform. All three allow authenticated attackers to achieve remote code execution: one through improper control of dynamically managed code using constructor injection, another via sandbox bypass in the Python code node using Pyodide, and a third through unrestricted file upload in the git node. The core issue stems from the difficulty of properly sandboxing arbitrary code execution across multiple workflow nodes, especially when using blacklist-based rather than whitelist-based security approaches.

sounds about right.