Vulnerability Information
Vulnerability Title
NocoDB - CSV Injection in User Management
Vulnerability Description
NocoDB versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload is executed.
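The export-side mitigation for this class of bug, as an added example that is not NocoDB's code or its actual fix: cells beginning with a formula trigger character are prefixed with a single quote (the approach in OWASP's CSV Injection guidance) and every field is quoted per RFC 4180. The function names and sample rows are constructed for illustration.

```javascript
// Added example, not NocoDB code: neutralise formula cells when exporting CSV.
// Function names and sample rows are constructed for illustration.

// Leading characters that spreadsheet applications treat as the start of a formula.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

function neutraliseCell(value) {
  if (value === null || value === undefined) return '';
  // Typed numbers (e.g. -5) are data, not user-entered text, so keep them numeric.
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  const text = String(value);
  // Prefix a single quote so the spreadsheet displays the cell as literal text.
  return FORMULA_TRIGGERS.has(text.charAt(0)) ? "'" + text : text;
}

function quoteField(text) {
  // RFC 4180 quoting: wrap every field and double embedded quotes, so a value
  // cannot break out of its column with a comma, quote or newline.
  return '"' + text.replace(/"/g, '""') + '"';
}

function toCsv(header, rows) {
  return [header, ...rows]
    .map((row) => row.map((cell) => quoteField(neutraliseCell(cell))).join(','))
    .join('\r\n') + '\r\n';
}

// Constructed export: the third column holds text a low-privileged user controls.
const sampleRows = [
  ['alice@example.com', 'editor', 'Inventory'],
  ['bob@example.com', 'viewer', '=1+1'],
  ['carol@example.com', 'viewer', '@SUM(1,1)","x'],
];
console.log(toCsv(['email', 'role', 'project'], sampleRows));
```

Neutralising at export time covers rows that were stored before any input validation existed; string values such as `'-5'` are deliberately treated as text, while typed numbers pass through unchanged.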
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
NocoDB Security Vulnerability
Vulnerability Description
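NocoDB is an open-source Airtable alternative that turns any MySQL, PostgreSQL, SQL Server, SQLite or MariaDB database into a smart spreadsheet. NocoDB contains a security vulnerability: versions 0.81.0 through 0.83.8 are affected by a CSV injection (formula injection) vulnerability. A low-privileged attacker can exploit it by creating a new table and injecting payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload is executed.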
CVSS Information
N/A
Vulnerability Type
N/A