{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T02:31:55.721","vulnerabilities":[{"cve":{"id":"CVE-2022-22121","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-01-10T16:15:10.243","lastModified":"2025-08-26T18:50:20.227","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed."},{"lang":"es","value":"En NocoDB, versiones 0.81.0 hasta 0.83.8, están afectadas por una vulnerabilidad de Inyección CSV (inyección de fórmulas). Un atacante con pocos privilegios puede crear una nueva tabla para inyectar cargas útiles en las filas de la tabla. Cuando un administrador accede al endpoint de Administración de Usuarios y exporta los datos como un archivo CSV y lo abre, la carga útil es ejecutada"}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*","versionStartIncluding":"0.81.0","versionEndIncluding":"0.83.8","matchCriteriaId":"80D54B8B-131D-4E59-81C8-755AE7834B32"}]}]}],"references":[{"url":"https://github.com/nocodb/nocodb/commit/079e3abe","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/nocodb/nocodb/commit/079e3abe","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}