nocodb 0.202.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nocodb package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the password reset API endpoint `/api/v1/db/auth/password/reset/`. An attacker can execute scripts in the context of the user's browser session by convincing the user to follow a malicious link. How to fix Cross-site Scripting (XSS)? Upgrade `nocodb` to version 0.258.0 or higher.	<0.258.0
H Cross-site Scripting (XSS) nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `replaceUrlsWithLink` function. An attacker can execute arbitrary JavaScript code by embedding malicious content within the formula fields that are improperly sanitized before being displayed. How to fix Cross-site Scripting (XSS)? Upgrade `nocodb` to version 0.202.9 or higher.	<0.202.9
M SQL Injection nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection through the `columnList` method. An attacker with create access can execute arbitrary SQL commands and potentially access or modify sensitive data by including a special character (') in the table name to manipulate the SQL query. How to fix SQL Injection? Upgrade `nocodb` to version 0.202.10 or higher.	<0.202.10

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

nocodb is a NocoDB

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the password reset API endpoint /api/v1/db/auth/password/reset/. An attacker can execute scripts in the context of the user's browser session by convincing the user to follow a malicious link.

How to fix Cross-site Scripting (XSS)?

Upgrade nocodb to version 0.258.0 or higher.

<0.258.0

Cross-site Scripting (XSS)

nocodb is a NocoDB

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the replaceUrlsWithLink function. An attacker can execute arbitrary JavaScript code by embedding malicious content within the formula fields that are improperly sanitized before being displayed.

How to fix Cross-site Scripting (XSS)?

Upgrade nocodb to version 0.202.9 or higher.

<0.202.9

SQL Injection

nocodb is a NocoDB

Affected versions of this package are vulnerable to SQL Injection through the columnList method. An attacker with create access can execute arbitrary SQL commands and potentially access or modify sensitive data by including a special character (') in the table name to manipulate the SQL query.

How to fix SQL Injection?

Upgrade nocodb to version 0.202.10 or higher.

<0.202.10

nocodb@0.202.4 vulnerabilities

NocoDB Backend

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically