HIGH 7.5

GHSA-mx8q-jqwm-85mv

NocoDB information disclosure vulnerability

Details

In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / nocodb

Introduced in: 0 Fixed in: 0.91.7

Fix npm install nocodb@0.91.7

References

https://nvd.nist.gov/vuln/detail/CVE-2022-2062 [ADVISORY]
https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4 [WEB]
https://github.com/nocodb/nocodb [PACKAGE]
https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6 [WEB]