The Core Issue: I investigated a critical flaw within the platform’s Git node that permits an attacker to run arbitrary system-level commands and inappropriately access files. Potential Damage: Anyone possessing valid authentication and workflow creation privileges could leverage this bug to completely compromise the underlying n8n server or siphon confidential data. The Resolution: The maintainers…

This is my journey on understand HTTP Trailer into more depth. To start lets go back when HTTP/1.1 introduced chunked transfer encoding, when it did, it brought along a relatively obscure feature known as “HTTP trailers.” This mechanism allows clients or servers to append extra header fields after the main message body has been transmitted.…

It is always a profoundly frustrating day in security research when you do everything right: you discover a critical vulnerability, you responsibly disclose it to a major vendor with a clear proof-of-concept, you offer remediation advice, and you wait. You wait through the standard 90-day disclosure window, only to be met with complete radio silence.…