Hi Everyone
I’ve got a few vulnerability issues in dependencies of my hosted (Docker) n8n (1.64.1), flagged by my security check process. I tried to update them with “npm install” during the build process, but had no luck with some of them…
I’m using the baseline from “n8nio/base”
Here is the list:

| CVE | Risk | Package | Type | Location |
| --- | --- | --- | --- | --- |
| CVE-2024-29415 | High | ip | Npm | /usr/local/lib/node_modules/npm/node_modules/ip/package.json |
| CVE-2022-25883 | High | semver | Npm | /usr/local/lib/node_modules/n8n/node_modules/utf7/node_modules/semver/package.json |
| CVE-2024-4367 | High | pdfjs-dist | Npm | /usr/local/lib/node_modules/n8n/node_modules/pdfjs-dist/package.json |
| CVE-2024-28863 | Medium | tar | Npm | /usr/local/lib/node_modules/npm/node_modules/tar/package.json |
| CVE-2024-35255 | Medium | @azure/identity | Npm | /usr/local/lib/node_modules/n8n/node_modules/tedious/node_modules/@azure/identity/package.json |
| CVE-2024-43796 | Medium | express | Npm | /usr/local/lib/node_modules/n8n/node_modules/express/package.json |
| CVE-2023-42282 | Low | ip | Npm | /usr/local/lib/node_modules/npm/node_modules/ip/package.json |
| CVE-2024-47764 | Low | cookie | Npm | /usr/local/lib/node_modules/n8n/node_modules/curlconverter/node_modules/cookie/package.json |
| CVE-2024-9143 | Unknown | openssl | OS | OS |

Does anyone know if there is an easy way to solve this?
Information on your n8n setup
- n8n version: 1.64.1
- Database (default: SQLite): postgre
- n8n EXECUTIONS_PROCESS setting (default: own, main): own
- Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
- Operating system: Linux