6 matches found
CVE-2026-53931
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, s...
CVE-2026-53931 NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, s...
CVE-2026-53931
NocoDB: Server-Side Request Forgery via the spreadsheet-import endpoint (axiosRequestMake) allowed unauthenticated use as a generic HTTP proxy prior to 2026.05.1, enabling potentially unintended requests to internal destinations. The issue is fixed in 2026.05.1. The GHSA/OSV/PT-Security disclosur...
NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
Summary: The spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv for example...
PT-2024-21158 · Unknown · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel Import simpleimportproduct versions = 6.7.0 Description: A guest can upload files with extensions .php, potentially allowing malicious code execution. Recommendations: For versions = 6.7.0, restrict access to the fi...