VDB
MEDIUM

GHSA-wvqj-9wv4-7ff5

NocoDB: Path Traversal via SQLite Source Filename

Details

### Summary

An authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases.

### Details

The SQLite client and the base/integration create services accepted a caller-supplied filename and passed it to `fs.exists` and `fs.open('w')` without restricting the location. A user could point a source at `noco.db`, at a tenant database under `nc_minimal_dbs/`, or at any writable path the NocoDB process can reach, and then read or overwrite its contents through the regular table APIs.

### Impact

Disclosure and modification of NocoDB internal state, of other tenants' databases, and of any file the NocoDB process can read or write. Authentication and base-create permission are required.

### Credit

This issue was reported by [@Mouhebbenelwafi](https://github.com/Mouhebbenelwafi).


Affected packages

npm / nocodb
First affected version: 0
Fixed version: 2026.05.1
Fix: npm install nocodb@2026.05.1

References