In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
History

Tue, 26 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Nocodb
Nocodb nocodb
CPEs cpe:2.3:a:xgenecloud:nocodb:*:*:*:*:*:*:*:* cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*
Vendors & Products Xgenecloud
Xgenecloud nocodb
Nocodb
Nocodb nocodb

cve-icon MITRE

Status: PUBLISHED

Assigner: Mend

Published:

Updated: 2024-09-17T04:09:34.606Z

Reserved: 2021-12-21T00:00:00

Link: CVE-2022-22121

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-10T16:15:10.243

Modified: 2025-08-26T18:50:20.227

Link: CVE-2022-22121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.