Lucene search
GitHub Advisory DatabaseGHSA-XGWH-CGV9-783VHistoryMay 22, 2024 - 6:30 p.m.
Ghost allows CSV Injection during member CSV export
2024-05-2218:30:40
CWE-74
GitHub Advisory Database
github.com
8
ghost
version 5.82.0
csv injection
member export
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
Affected configurations
Node
tryghostmembers-csvRange<5.82.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tryghost | members-csv | * | cpe:2.3:a:tryghost:members-csv:*:*:*:*:*:*:*:* |
Related
veracode
veracode
CSV Injection
2024-05-24 07:58:33
nvd
nvd
CVE-2024-34448
2024-05-22 16:15:10
osv
osv
Ghost allows CSV Injection during member CSV export
2024-05-22 18:30:40
cve
cve
CVE-2024-34448
2024-05-22 16:15:10
vulnrichment
vulnrichment
CVE-2024-34448
1976-01-01 00:00:00
cvelist
cvelist
CVE-2024-34448
1976-01-01 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
Related for GHSA-XGWH-CGV9-783V