How Striga uncovered a critical sandbox escape and unsanitized node name injection in n8n's expression engine, chaining them into full Remote Code Execution.
hackerman70000•1h ago
This is why AST-based sandboxing in JavaScript is fundamentally fragile; every new syntax feature is a potential gap.
redfr0g•1h ago