CVE-2022-22121
First published: Mon Jan 10 2022(Updated: )
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
Credit: vulnerabilitylab@mend.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xgenecloud Nocodb | >=0.81.0<=0.83.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-22121?
The severity of CVE-2022-22121 is high.
How does CVE-2022-22121 affect NocoDB?
CVE-2022-22121 affects NocoDB versions 0.81.0 through 0.83.8.
What is CSV Injection vulnerability?
CSV Injection vulnerability is a type of vulnerability that allows an attacker to inject malicious formulas or commands into a CSV file, which can be executed when the file is opened or processed.
How can a low privileged attacker exploit CVE-2022-22121?
A low privileged attacker can exploit CVE-2022-22121 by creating a new table and injecting payloads in the table rows.
How can I fix CVE-2022-22121?
To fix CVE-2022-22121, update NocoDB to a version higher than 0.83.8.
- collector/nvd-index
- agent/description
- vendor/xgenecloud
- canonical/xgenecloud nocodb
- version/xgenecloud nocodb/0.81.0
- version/xgenecloud nocodb/0.83.8