Lucene search
GoogleOSV:CVE-2022-39217HistorySep 17, 2022 - 12:15 a.m.
CVE-2022-39217
2022-09-1700:15:10
Google
osv.dev
5
github action
github advanced security
csv
api
v1
software
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version v1. Users are advised to use v1 or later. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ghas-to-csv | eq | 0.3.0 | |
| ghas-to-csv | eq | 0.5.0 | |
| ghas-to-csv | eq | 0.1.1 | |
| ghas-to-csv | eq | 0.4.0 | |
| ghas-to-csv | eq | 0.1.0 | |
| ghas-to-csv | eq | 0.2.0 |
Related
cvelist
cvelist
osv
osv
prion
prion
Code injection
2022-09-17 00:15:00
github
github
cve
cve
CVE-2022-39217
2022-09-17 00:15:10
nvd
nvd
CVE-2022-39217
2022-09-17 00:15:10