CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
GHSA-H7WP-7Q3V-7M5W
Vulnerability from github – Published: 2024-01-30 21:30 – Updated: 2024-02-08 15:30An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
{
"affected": [],
"aliases": [
"CVE-2023-5389"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-30T20:15:45Z",
"severity": "CRITICAL"
},
"details": "\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0",
"id": "GHSA-h7wp-7q3v-7m5w",
"modified": "2024-02-08T15:30:26Z",
"published": "2024-01-30T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5389"
},
{
"type": "WEB",
"url": "https://process.honeywell.com"
},
{
"type": "WEB",
"url": "https://www.honeywell.com/us/en/product-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H8WV-X2GQ-WQW9
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Microsoft Edge (Chromium-based) Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2026-45489"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GHSA-h8wv-x2gq-wqw9",
"modified": "2026-07-03T21:31:38Z",
"published": "2026-07-03T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45489"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HFJ7-FPWH-Q5VG
Vulnerability from github – Published: 2023-08-09 00:31 – Updated: 2024-09-27 21:31Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2023-39214"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668",
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T22:15:10Z",
"severity": "HIGH"
},
"details": "\nExposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access.\n\n",
"id": "GHSA-hfj7-fpwh-q5vg",
"modified": "2024-09-27T21:31:45Z",
"published": "2023-08-09T00:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39214"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPW2-7W94-FF35
Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:46A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.
{
"affected": [],
"aliases": [
"CVE-2023-33921"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T09:15:18Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.",
"id": "GHSA-hpw2-7w94-ff35",
"modified": "2024-04-04T04:46:06Z",
"published": "2023-06-13T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33921"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQJC-QGF5-4M63
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-10 18:31Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: ..
{
"affected": [],
"aliases": [
"CVE-2024-13242"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T19:15:18Z",
"severity": "CRITICAL"
},
"details": "Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*.",
"id": "GHSA-hqjc-qgf5-4m63",
"modified": "2025-01-10T18:31:39Z",
"published": "2025-01-09T21:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13242"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2024-006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HQPM-5797-2GXF
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-19657.
{
"affected": [],
"aliases": [
"CVE-2023-39495"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:16Z",
"severity": "MODERATE"
},
"details": "PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-19657.",
"id": "GHSA-hqpm-5797-2gxf",
"modified": "2024-05-03T03:30:56Z",
"published": "2024-05-03T03:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39495"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HXG4-C72J-73RF
Vulnerability from github – Published: 2023-11-21 00:30 – Updated: 2023-11-21 00:30When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.
{
"affected": [],
"aliases": [
"CVE-2023-40151"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-21T00:15:06Z",
"severity": "CRITICAL"
},
"details": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n",
"id": "GHSA-hxg4-c72j-73rf",
"modified": "2023-11-21T00:30:27Z",
"published": "2023-11-21T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40151"
},
{
"type": "WEB",
"url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J4P8-H8MH-RH8Q
Vulnerability from github – Published: 2025-12-26 18:26 – Updated: 2025-12-31 00:20Impact
In self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.
This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:
- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)
- Writing files to the host filesystem (subject to the same restrictions)
Starting with n8n version 1.2.1, access to files in the n8n home directory (.n8n) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.
Patches
- Upgrade to n8n version 2.0.0 or later, where task runners are enabled by default for Code node execution.
- On n8n version 1.71.0 and above, enable task runners by setting
N8N_RUNNERS_ENABLED=true.
Workarounds
If you cannot immediately migrate to task runners:
- Limit file operations by setting
N8N_RESTRICT_FILE_ACCESS_TOto a dedicated directory (e.g.,~/.n8n-files) and ensure it contains no sensitive data. - Keep
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true(default) to block access to.n8nand user-defined config files. - If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using
NODES_EXCLUDE.
Resources
- n8n Docs: Task runners
- n8n Docs: Task runner environment variables
- n8n Docs: Security environment variables
- n8n Docs: v2.0 breaking changes
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.1"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68697"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-26T18:26:38Z",
"nvd_published_at": "2025-12-26T22:15:52Z",
"severity": "HIGH"
},
"details": "### Impact\n\nIn self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.\n\nThis allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:\n\n- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)\n- Writing files to the host filesystem (subject to the same restrictions)\n\nStarting with n8n version 1.2.1, access to files in the n8n home directory (`.n8n`) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.\n\n### Patches\n\n- Upgrade to **n8n version 2.0.0 or later**, where task runners are enabled by default for Code node execution.\n- On **n8n version 1.71.0 and above**, enable task runners by setting `N8N_RUNNERS_ENABLED=true`.\n\n### Workarounds\n\nIf you cannot immediately migrate to task runners:\n\n- Limit file operations by setting `N8N_RESTRICT_FILE_ACCESS_TO` to a dedicated directory (e.g., `~/.n8n-files`) and ensure it contains no sensitive data.\n- Keep `N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true` (default) to block access to `.n8n` and user-defined config files.\n- If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using `NODES_EXCLUDE`.\n\n### Resources\n\n- n8n Docs: [Task runners](https://docs.n8n.io/hosting/configuration/task-runners/)\n- n8n Docs: [Task runner environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/task-runners/)\n- n8n Docs: [Security environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/security/#security-environment-variables)\n- n8n Docs: [v2.0 breaking changes](https://docs.n8n.io/2-0-breaking-changes/#enable-task-runners-by-default)",
"id": "GHSA-j4p8-h8mh-rh8q",
"modified": "2025-12-31T00:20:06Z",
"published": "2025-12-26T18:26:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-j4p8-h8mh-rh8q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68697"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Self-hosted n8n has Legacy Code node that enables arbitrary file read/write"
}
GHSA-JJ92-X469-335W
Vulnerability from github – Published: 2024-10-18 09:31 – Updated: 2024-10-18 09:31The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
{
"affected": [],
"aliases": [
"CVE-2024-4739"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-18T09:15:03Z",
"severity": "MODERATE"
},
"details": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.",
"id": "GHSA-jj92-x469-335w",
"modified": "2024-10-18T09:31:26Z",
"published": "2024-10-18T09:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4739"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JMJF-JWVM-X7JX
Vulnerability from github – Published: 2026-05-27 09:31 – Updated: 2026-05-27 09:31An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
{
"affected": [],
"aliases": [
"CVE-2025-14713"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T09:16:26Z",
"severity": "HIGH"
},
"details": "An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.",
"id": "GHSA-jmjf-jwvm-x7jx",
"modified": "2026-05-27T09:31:16Z",
"published": "2026-05-27T09:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14713"
},
{
"type": "WEB",
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.