CVE-2022-2339 CRITICAL

CVE-2022-2339: Server-Side Request Forgery (SSRF) in nocodb/nocodb

Vendor Nocodb

Product nocodb/nocodb

Weakness CWE-918 · SSRF

Published July 7, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.

Key dates

02Disclosure timeline

July 7, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2339

Related vulnerabilities

04Related CVE

CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect CVE-2023-3233 Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery CVE-2024-32803 WordPress SuperFaktura WooCommerce plugin <= 1.40.3 - Server Side Request Forgery (SSRF) vulnerability CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode