CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

**Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0)**

**Vulnerability Type**  
CSV Injection

**Product**  
csv-safe

**Affected Product Code Base**  
CSV-safe - <3.0.0 are effected

**Affected Component**  
Sanitization of CSV Injection vectors.

**Attack Type**  
Remote

**Attack Vector**  
**%0A-3+3+cmd|' /C calc'!D2** could be used to bypass CSV injection sanitizations in older versions.

**Discoverers**  
Danish Tariq

**Fixed by**  
Gabriel Rios - #8

**References**  
https://github.com/zvory/csv-safe  
#8  
https://hackerone.com/reports/223999  
WeblateOrg/weblate@d9e136f  
https://bugzilla.mozilla.org/show\_bug.cgi?id=1259881

CVE-2022-28481: Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0)  · Issue #7 · zvory/csv-safe

Headline

CVE-2022-28481: Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0) · Issue #7 · zvory/csv-safe

CVE: Latest News