Description
In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection vulnerability (Formula Injection). A low-privileged attacker can create a new table to inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload gets executed.
References
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 0.81.0 (inclusive) to 0.83.8 (inclusive)
cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*
EPSS: 0.00433 (percentile: 62%), Low
CVSS3: 8 High
CVSS2: 6 Medium
Weaknesses
CWE-1236
Related vulnerabilities
CVSS3: 8
github
about 4 years ago
In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection vulnerability (Formula Injection). A low-privileged attacker can create a new table to inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload gets executed.