Описание
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPER_ADMIN authorization checks, no practical privileged actions can be performed because database operations fail immediately after pollution. Version 0.301.0 patches the issue.
Ссылки
- Vendor AdvisoryExploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.301.0 (исключая)
cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-1321
Связанные уязвимости
CVSS3: 4.9
github
10 дней назад
NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
EPSS
Процентиль: 24%
0.00082
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-1321