GHSA-grv6-m753-3w2g

Suggest an improvement
Source
https://github.com/advisories/GHSA-grv6-m753-3w2g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-grv6-m753-3w2g/GHSA-grv6-m753-3w2g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-grv6-m753-3w2g
Aliases
Published
2022-10-07T18:16:01Z
Modified
2023-11-08T04:09:44.767625Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
NocoDB vulnerable to Denial of Service
Details

NocoDB prior to 0.92.0 allows actors to insert large characters into the input field New Project on the create field, which can cause a Denial of Service (DoS) via a crafted HTTP request. Version 0.92.0 fixes this issue.

Database specific
{
    "nvd_published_at": "2022-10-07T11:15:00Z",
    "github_reviewed_at": "2022-10-07T21:55:42Z",
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ]
}
References

Affected packages

npm / nocodb

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.92.0