Количество 2
Количество 2
CVE-2026-24766
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPER_ADMIN authorization checks, no practical privileged actions can be performed because database operations fail immediately after pollution. Version 0.301.0 patches the issue.
GHSA-95ff-46g6-6gw9
NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24766 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPER_ADMIN authorization checks, no practical privileged actions can be performed because database operations fail immediately after pollution. Version 0.301.0 patches the issue. | CVSS3: 4.9 | 0% Низкий | 12 дней назад |
| GHSA-95ff-46g6-6gw9 NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS | CVSS3: 4.9 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу