83 matches found

CVE (added 2026/03/31 1:33 p.m.)

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

CVSS 9.9 | AI score 5.9 | EPSS 0.07593
Exploits: 7 | References: 3 | Affected software: 1

OSV (added 2026/03/31 1:33 p.m.)

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVSS 9.9 | AI score 5.9 | EPSS 0.07593
Exploits: 7 | References: 5

CNNVD (added 2026/03/31 12:00 a.m.)

Nocobase security vulnerability

Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.28 contained security vulnerabilities. These vulnerabilities stemmed from workflow script nodes executing JavaScript provided by users within a Node.js vm sandbox. During this process, the consol...

CVSS 9.9 | AI score 6.1 | EPSS 0.07593
Exploits: 7 | References: 4

Snyk (added 2026/03/30 5:16 p.m.)

Improper Control of Dynamically-Managed Code Resources

Overview: @nocobase/plugin-workflow-javascript executes a piece of JavaScript in an isolated Node.js environment. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the console object passed into the sandbox context, which exposes...

CVSS 9.9 | AI score 6.3 | EPSS 0.07593
Exploits: 7 | References: 2

Github Security Blog (added 2026/03/30 5:16 p.m.)

NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...

CVSS 9.9 | AI score 6 | EPSS 0.07593
Exploits: 7 | References: 5 | Affected software: 1

OSV (added 2026/03/30 5:16 p.m.)

GHSA-PX3P-VGH9-M57C NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...

CVSS 9.9 | AI score 6 | EPSS 0.07593
Exploits: 7 | References: 5

RedhatCVE (added 2025/12/12 5:12 p.m.)

CVE-2025-13877

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...

CVSS 6.3 | AI score 6.3 | EPSS 0.00252
Exploits: 0 | References: 1

vulnersOsv (added 2025/12/09 5:42 p.m.)

@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.10 <=2.0.0-alpha.51)

@nocobase/auth NPM versions =2.0.0-alpha.10, =2.0.0-alpha.2, =2.0.0-alpha.51. Source CVE: CVE-2025-13877. Source advisory: OSV:GHSA-MV7P-34FV-4874...

CVSS 6.3 | AI score 6.1 | EPSS 0.00252
Exploits: 0

vulnersOsv (added 2025/12/09 5:42 p.m.)

@nocobase/devtools (>=1.9.0 <=1.9.22), @nocobase/server (>=1.9.0 <=1.9.22) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.9.0 <=1.9.22)

@nocobase/auth NPM versions =1.9.0, =1.9.22. Source CVE: CVE-2025-13877. Source advisory: OSV:GHSA-MV7P-34FV-4874...

CVSS 6.3 | AI score 6.1 | EPSS 0.00252
Exploits: 0

Snyk (added 2025/12/09 5:42 p.m.)

Improper Protection for Out of Bounds Signal Level Alerts

Overview: affected versions of @nocobase/auth are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts because the official one-click Docker deployment configuration historically provided a public default JWT key. An attacker can gain unauthorized access to...

CVSS 6.3 | AI score 6.9 | EPSS 0.00252
Exploits: 0 | References: 2

vulnersOsv (added 2025/12/09 5:42 p.m.)

@nocobase/devtools (>=1.9.0 <=1.9.21), @nocobase/server (>=1.9.0 <=1.9.21) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.9.0 <=1.9.21)

@nocobase/auth NPM versions =1.9.0, =1.9.21. Source CVE: CVE-2025-13877. Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...

CVSS 6.3 | AI score 6.1 | EPSS 0.00252
Exploits: 0

vulnersOsv (added 2025/12/09 5:42 p.m.)

@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.2 <=2.0.0-alpha.51)

@nocobase/auth NPM versions =2.0.0-alpha.2, =2.0.0-alpha.51. Source CVE: CVE-2025-13877. Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...

CVSS 6.3 | AI score 6.1 | EPSS 0.00252
Exploits: 0

vulnersOsv (added 2025/12/09 5:42 p.m.)

@nocobase/app (>=1.0.0-alpha.1 <=1.4.0-alpha.20240914095808), @nocobase/cli (>=1.0.0-alpha.1 <=1.4.0-alpha.20240914095808) +3 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.0.0-alpha.1 <=1.9.0-beta.17)

@nocobase/auth NPM versions =1.0.0-alpha.1, =1.9.0-beta.17. Source CVE: CVE-2025-13877. Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...

CVSS 6.3 | AI score 6.1 | EPSS 0.00252
Exploits: 0

EUVD (added 2025/12/09 5:42 p.m.)

EUVD-2025-200266

Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments...

CVSS 6.3 | AI score 5.7 | EPSS 0.00252
Exploits: 0 | References: 13

OSV (added 2025/12/09 5:42 p.m.)

GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...

CVSS 6.3 | AI score 7.2 | EPSS 0.00252
Exploits: 0 | References: 14

Github Security Blog (added 2025/12/02 6:30 p.m.)

Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...

CVSS 6.3 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 6 | Affected software: 1

OSV (added 2025/12/02 6:30 p.m.)

GHSA-644F-HRFF-MF96 Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...

CVSS 6.3 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 5

NVD (added 2025/12/02 4:15 p.m.)

CVE-2025-13877

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...

CVSS 6.3 | EPSS 0.00252
Exploits: 0 | References: 4

Cvelist (added 2025/12/02 4:02 p.m.)

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...

CVSS 6.3 | EPSS 0.00252
Exploits: 0 | References: 4

Vulnrichment (added 2025/12/02 4:02 p.m.)

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...

CVSS 6.3 | AI score 5.3 | EPSS 0.00252
Exploits: 0 | References: 4