PT-2022-22086 · Nocodb · Nocodb

Published

2022-10-07

Updated

2026-02-25

CVE-2022-3423

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.92.0

Description The issue allows actors to cause a Denial of Service (DoS) by inserting large characters into the input field New Project on the create field via a crafted HTTP request.

Recommendations For versions prior to 0.92.0, update to version 0.92.0 to resolve the issue. As a temporary workaround, consider restricting access to the create field or limiting the input size for the New Project field until the update is applied.

Exploit

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2022-3423

GHSA-GRV6-M753-3W2G

Affected Products

Nocodb

PT-2022-22086 · Nocodb · Nocodb

CVE-2022-3423

Weakness Enumeration

Related Identifiers

Affected Products

References · 9