Latest xgenecloud nocodb Vulnerabilities

CVE-2023-43794
## Summary Nocodb contains SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. ## Product nocodb/nocodb ## Tested Version [0.1...
npm/nocodb<0.111.0
Xgenecloud Nocodb=0.109.2
CVE-2023-5104
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.
Xgenecloud Nocodb<0.96.0
npm/nocodb<0.96.0
CVE-2022-3423
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.
Xgenecloud Nocodb<0.92.0
CVE-2022-2339
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
Xgenecloud Nocodb<0.92.0
CVE-2022-2079
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
Xgenecloud Nocodb<0.91.7
CVE-2022-2064
Xgenecloud Nocodb<0.91.7
CVE-2022-2063
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
Xgenecloud Nocodb<0.91.7
CVE-2022-2022
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
Xgenecloud Nocodb<0.91.7
CVE-2022-22121
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When a...
Xgenecloud Nocodb>=0.81.0<=0.83.8
CVE-2022-22120
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error ...
Xgenecloud Nocodb>=0.9<=0.83.8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203