Vulnerability Description
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nocodb | Nocodb | <= 0.106.1 |
Related Weaknesses (CWE)
References
- https://advisory.dw1.io/60ExploitThird Party Advisory
- https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/pProduct
- https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/pProduct
- https://advisory.dw1.io/60ExploitThird Party Advisory
- https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/pProduct
- https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/pProduct
FAQ
What is CVE-2023-35843?
CVE-2023-35843 is a vulnerability with a CVSS score of 7.5 (HIGH). NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /downlo...
How severe is CVE-2023-35843?
CVE-2023-35843 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35843?
Check the references section above for vendor advisories and patch information. Affected products include: Nocodb Nocodb.