In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nocodb
Nocodb nocodb |
|
CPEs | cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:* | |
Vendors & Products |
Xgenecloud
Xgenecloud nocodb |
Nocodb
Nocodb nocodb |

Status: PUBLISHED
Assigner: Mend
Published:
Updated: 2024-09-17T04:09:34.606Z
Reserved: 2021-12-21T00:00:00
Link: CVE-2022-22121

No data.

Status : Modified
Published: 2022-01-10T16:15:10.243
Modified: 2025-08-26T18:50:20.227
Link: CVE-2022-22121

No data.

No data.