Vulnerability Description
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nocodb | Nocodb | >= 0.81.0, <= 0.83.8 |
Related Weaknesses (CWE)
References
- https://github.com/nocodb/nocodb/commit/079e3abePatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121ExploitThird Party Advisory
- https://github.com/nocodb/nocodb/commit/079e3abePatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121ExploitThird Party Advisory
FAQ
What is CVE-2022-22121?
CVE-2022-22121 is a vulnerability with a CVSS score of 8.0 (HIGH). In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When a...
How severe is CVE-2022-22121?
CVE-2022-22121 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22121?
Check the references section above for vendor advisories and patch information. Affected products include: Nocodb Nocodb.