CVE-2022-2062
NocoDB information disclosure vulnerability
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.3%
Description
In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.
How to fix CVE-2022-2062
To remediate CVE-2022-2062, upgrade the affected package to a fixed version listed below.
- npm/nocodb: upgrade to 0.91.7 or later
Is CVE-2022-2062 being exploited?
Low: EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/nocodb: from 0, < 0.91.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |