3 matches found
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...
PT-2026-42674
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The request-filtering-agent Server-Side Request Forgery SSRF protection is non-functional in the Slack, Discord, Mattermost, and Teams notification webhook plugins. This occurs because the httpAge...
EUVD-2024-38239
Malicious code in bioql PyPI...