VYPR

npm package

@nocobase/plugin-workflow-request

pkg:npm/%40nocobase/plugin-workflow-request

Vulnerabilities (1)

  • CVE-2026-40346MedApr 18, 2026
    affected < 2.0.37fixed 2.0.37

    NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF