CVE-2022-22121
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nocodb | nocodb | 0.81.0 < unspecified | affected |
| nocodb | nocodb | unspecified <= 0.83.8 | affected |
Weaknesses
- CWE-1236: CWE-1236
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/nocodb/nocodb/commit/079e3abe
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121
References
- https://github.com/nocodb/nocodb/commit/079e3abe
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.