EPSS
Percentile
51.0%
In NocoDB prior to 0.91.7, the SMTP plugin doesn’t have verification or validation. This allows attackers to make requests to internal servers and read the contents.
github.com/nocodb/nocodb
github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4
huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6
nvd.nist.gov/vuln/detail/CVE-2022-2062