Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1teDhxLWpxd20tODVtds4AAriu
NocoDB information disclosure vulnerability
In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.
Permalink: https://github.com/advisories/GHSA-mx8q-jqwm-85mvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teDhxLWpxd20tODVtds4AAriu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.0019
EPSS Percentile: 0.56502
Identifiers: GHSA-mx8q-jqwm-85mv, CVE-2022-2062
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-2062
- https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4
- https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6
- https://github.com/advisories/GHSA-mx8q-jqwm-85mv
Blast Radius: 12.7
Affected Packages
npm:nocodb
Dependent packages: 1Dependent repositories: 49
Downloads: 1,659 last month
Affected Version Ranges: < 0.91.7
Fixed in: 0.91.7
All affected versions: 0.0.1, 0.1.29, 0.1.30, 0.1.31, 0.1.32, 0.1.33, 0.1.34, 0.1.35, 0.1.36, 0.1.37, 0.1.38, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.42, 0.9.43, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.7, 0.11.8, 0.11.9, 0.11.10, 0.11.11, 0.11.12, 0.11.13, 0.11.14, 0.11.15, 0.11.16, 0.11.17, 0.11.18, 0.11.19, 0.11.20, 0.11.21, 0.11.22, 0.11.23, 0.11.24, 0.11.25, 0.11.26, 0.11.27, 0.11.28, 0.11.29, 0.11.30, 0.11.32, 0.11.33, 0.11.34, 0.11.35, 0.11.36, 0.11.38, 0.11.39, 0.11.40, 0.11.41, 0.11.42, 0.11.43, 0.11.44, 0.11.45, 0.11.46, 0.80.0, 0.80.1, 0.81.0, 0.81.1, 0.82.0, 0.83.0, 0.83.1, 0.83.2, 0.83.3, 0.83.4, 0.83.5, 0.83.6, 0.83.8, 0.84.0, 0.84.1, 0.84.2, 0.84.3, 0.84.4, 0.84.5, 0.84.6, 0.84.7, 0.84.8, 0.84.9, 0.84.10, 0.84.12, 0.84.13, 0.84.14, 0.84.15, 0.84.16, 0.84.18, 0.90.0, 0.90.1, 0.90.2, 0.90.3, 0.90.4, 0.90.5, 0.90.7, 0.90.8, 0.90.9, 0.90.10, 0.90.11, 0.91.0, 0.91.1, 0.91.3, 0.91.6
All unaffected versions: 0.91.7, 0.91.8, 0.91.9, 0.91.10, 0.92.0, 0.92.1, 0.92.2, 0.92.3, 0.92.4, 0.96.0, 0.96.1, 0.96.2, 0.96.3, 0.96.4, 0.97.0, 0.98.0, 0.98.1, 0.98.2, 0.98.3, 0.98.4, 0.99.0, 0.99.1, 0.99.2, 0.100.0, 0.100.1, 0.100.2, 0.101.0, 0.101.1, 0.101.2, 0.104.0, 0.104.1, 0.104.2, 0.104.3, 0.105.0, 0.105.1, 0.105.2, 0.105.3, 0.106.0, 0.106.1, 0.107.0, 0.107.1, 0.107.2, 0.107.3, 0.107.4, 0.107.5, 0.108.0, 0.108.1, 0.109.0, 0.109.1, 0.109.2, 0.109.3, 0.109.4, 0.109.5, 0.109.6, 0.109.7, 0.111.0, 0.111.1, 0.111.2, 0.111.3, 0.111.4, 0.200.0, 0.202.0, 0.202.4, 0.202.5, 0.202.6, 0.202.7, 0.202.8, 0.202.9, 0.202.10, 0.203.0, 0.203.1, 0.203.2, 0.204.0, 0.204.1, 0.204.2, 0.204.3, 0.204.4, 0.204.5, 0.204.6, 0.204.7, 0.204.8, 0.204.9, 0.205.0, 0.205.1, 0.207.0, 0.207.1, 0.207.2, 0.207.3, 0.250.0, 0.250.1, 0.250.2, 0.251.0, 0.251.1, 0.251.2, 0.251.3, 0.252.0, 0.254.1, 0.255.0, 0.255.1, 0.255.2, 0.256.0, 0.257.0, 0.257.2, 0.258.0, 0.258.1, 0.258.2, 0.258.3, 0.258.7, 0.258.10, 0.258.11, 0.260.0, 0.260.1