VYPR
Moderate severityNVD Advisory· Published May 13, 2024· Updated Aug 21, 2024

NocoDB SQL Injection vulnerability

CVE-2023-50718

Description

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. This vulnerability may result in leakage of sensitive data in the database. Version 0.202.10 contains a patch for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nocodbnpm
< 0.202.100.202.10

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.