Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ncnY2LW03NTMtM3cyZ84AAvNO

NocoDB vulnerable to Denial of Service

NocoDB prior to 0.92.0 allows actors to insert large characters into the input field New Project on the create field, which can cause a Denial of Service (DoS) via a crafted HTTP request. Version 0.92.0 fixes this issue.

Permalink: https://github.com/advisories/GHSA-grv6-m753-3w2g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncnY2LW03NTMtM3cyZ84AAvNO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-grv6-m753-3w2g, CVE-2022-3423
References: Repository: https://github.com/nocodb/nocodb
Blast Radius: 11.0

Affected Packages

npm:nocodb
Dependent packages: 1
Dependent repositories: 49
Downloads: 2,608 last month
Affected Version Ranges: < 0.92.0
Fixed in: 0.92.0
All affected versions: 0.0.1, 0.1.29, 0.1.30, 0.1.31, 0.1.32, 0.1.33, 0.1.34, 0.1.35, 0.1.36, 0.1.37, 0.1.38, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.42, 0.9.43, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.7, 0.11.8, 0.11.9, 0.11.10, 0.11.11, 0.11.12, 0.11.13, 0.11.14, 0.11.15, 0.11.16, 0.11.17, 0.11.18, 0.11.19, 0.11.20, 0.11.21, 0.11.22, 0.11.23, 0.11.24, 0.11.25, 0.11.26, 0.11.27, 0.11.28, 0.11.29, 0.11.30, 0.11.32, 0.11.33, 0.11.34, 0.11.35, 0.11.36, 0.11.38, 0.11.39, 0.11.40, 0.11.41, 0.11.42, 0.11.43, 0.11.44, 0.11.45, 0.11.46, 0.80.0, 0.80.1, 0.81.0, 0.81.1, 0.82.0, 0.83.0, 0.83.1, 0.83.2, 0.83.3, 0.83.4, 0.83.5, 0.83.6, 0.83.8, 0.84.0, 0.84.1, 0.84.2, 0.84.3, 0.84.4, 0.84.5, 0.84.6, 0.84.7, 0.84.8, 0.84.9, 0.84.10, 0.84.12, 0.84.13, 0.84.14, 0.84.15, 0.84.16, 0.84.18, 0.90.0, 0.90.1, 0.90.2, 0.90.3, 0.90.4, 0.90.5, 0.90.7, 0.90.8, 0.90.9, 0.90.10, 0.90.11, 0.91.0, 0.91.1, 0.91.3, 0.91.6, 0.91.7, 0.91.8, 0.91.9, 0.91.10
All unaffected versions: 0.92.0, 0.92.1, 0.92.2, 0.92.3, 0.92.4, 0.96.0, 0.96.1, 0.96.2, 0.96.3, 0.96.4, 0.97.0, 0.98.0, 0.98.1, 0.98.2, 0.98.3, 0.98.4, 0.99.0, 0.99.1, 0.99.2, 0.100.0, 0.100.1, 0.100.2, 0.101.0, 0.101.1, 0.101.2, 0.104.0, 0.104.1, 0.104.2, 0.104.3, 0.105.0, 0.105.1, 0.105.2, 0.105.3, 0.106.0, 0.106.1, 0.107.0, 0.107.1, 0.107.2, 0.107.3, 0.107.4, 0.107.5, 0.108.0, 0.108.1, 0.109.0, 0.109.1, 0.109.2, 0.109.3, 0.109.4, 0.109.5, 0.109.6, 0.109.7, 0.111.0, 0.111.1, 0.111.2, 0.111.3, 0.111.4, 0.200.0, 0.202.0, 0.202.4, 0.202.5, 0.202.6, 0.202.7, 0.202.8, 0.202.9, 0.202.10, 0.203.0, 0.203.1, 0.203.2, 0.204.0, 0.204.1, 0.204.2, 0.204.3, 0.204.4, 0.204.5, 0.204.6, 0.204.7, 0.204.8, 0.204.9, 0.205.0, 0.205.1, 0.207.0, 0.207.1, 0.207.2, 0.207.3, 0.250.0, 0.250.1, 0.250.2, 0.251.0, 0.251.1, 0.251.2, 0.251.3, 0.252.0, 0.254.1, 0.255.0, 0.255.1, 0.255.2, 0.256.0, 0.257.0, 0.257.2, 0.258.0, 0.258.1, 0.258.2, 0.258.3