First published: Mon Jan 10 2022
In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload gets executed.
Credit: vulnerabilitylab@mend.io
Affected Software | Affected Version | How to fix |
---|---|---|
Xgenecloud Nocodb | >=0.81.0, <=0.83.8 | |
The severity of CVE-2022-22121 is high.
CVE-2022-22121 affects NocoDB versions 0.81.0 through 0.83.8.
CSV Injection is a type of vulnerability that allows an attacker to inject malicious formulas or commands into a CSV file, which can be executed when the file is opened or processed.
A low-privileged attacker can exploit CVE-2022-22121 by creating a new table and injecting payloads in the table rows.
To fix CVE-2022-22121, update NocoDB to a version higher than 0.83.8.
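For applications that export user-supplied rows as CSV, the export path can neutralise formula cells as defence in depth alongside upgrading. The following is an added example, not NocoDB's code: the function names and sample rows are assumptions, and it follows the common guidance of prefixing cells that start with a formula trigger character with an apostrophe and quoting every field.

```javascript
// Added example: CSV export that neutralises spreadsheet formulas.
// neutraliseCell, quoteField and toCsv are hypothetical names, not NocoDB APIs.

// Leading characters that make spreadsheet applications evaluate a cell.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Return the cell as text that a spreadsheet will display, not evaluate.
function neutraliseCell(value) {
  if (value === null || value === undefined) return '';
  // Real numbers such as -12.5 are emitted unchanged.
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  const text = String(value);
  // Conservative: also look past leading whitespace, which some importers trim.
  const first = text.charAt(0);
  const firstVisible = text.trimStart().charAt(0);
  if (FORMULA_TRIGGERS.has(first) || FORMULA_TRIGGERS.has(firstVisible)) {
    return "'" + text; // a leading apostrophe forces text interpretation
  }
  return text;
}

// Quote every field and double embedded quotes (RFC 4180), so a comma or
// newline in user data cannot start a new cell that begins with a trigger.
function quoteField(text) {
  return '"' + text.replace(/"/g, '""') + '"';
}

function toCsv(rows) {
  return rows
    .map((row) => row.map((cell) => quoteField(neutraliseCell(cell))).join(','))
    .join('\r\n');
}

// Constructed sample rows standing in for an exported user table.
const sampleRows = [
  ['email', 'role', 'note'],
  ['alice@example.com', 'editor', '=SUM(1,1)'],
  ['bob@example.com', 'viewer', 'said "hi", left'],
  ['carol@example.com', 'viewer', -12.5],
];

console.log(toCsv(sampleRows));
```

The apostrophe prefix changes the stored text, so consumers that parse the export programmatically rather than in a spreadsheet need to account for it.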