CVE-2026-47385: Nocodb Ast Sqli Knex Raw
Directly using an unvalidated AST node `.value` in a raw SQL query execution (e.g., $DB.raw()) can lead to SQL injection. Validate the node's value against an explicit allowlist (e.g., 'asc', 'desc') before passing it to the builder.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2026-47385-nocodb-ast-sqli-knex-raw --engine opengrepDescription
Directly using an unvalidated AST node `.value` in a raw SQL query execution (e.g., $DB.raw()) can lead to SQL injection. Validate the node's value against an explicit allowlist (e.g., 'asc', 'desc') before passing it to the builder.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0