GHSA-8fxg-mr34-jqr8

Опубликовано: 13 мая 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

NocoDB SQL Injection vulnerability

Summary

An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.

Details

SQL Injection vulnerability occurs in VitessClient.ts.

async columnList(args: any = {}) { const func = this.columnList.name; const result = new Result(); log.api(`${func}:args:`, args); try { args.databaseName = this.connectionConfig.connection.database; const response = await this.sqlClient.raw( `select *, table_name as tn from information_schema.columns where table_name = '${args.tn}' ORDER by ordinal_position`, );

The variable ${args.tn} refers to the table name entered by the user. A malicious attacker can escape the existing query by including a special character (') in the table name and insert and execute a new arbitrary SQL query.

Impact

This vulnerability may result in leakage of sensitive data in the database.

Ссылки

Пакеты

Наименование

nocodb

npm

Затронутые версииВерсия исправления

<= 0.202.9

0.202.10

EPSS

Процентиль: 46%

0.00231

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-50718

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-50718

CVSS3: 6.5

nvd

больше 1 года назад

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of sensitive data in the database. Version 0.202.10 contains a patch for the issue.

EPSS

Процентиль: 46%

0.00231

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-50718

Дефекты

CWE-89