Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-39217
HistorySep 17, 2022 - 12:15 a.m.

Code injection

2022-09-1700:15:00
PRIOn knowledge base
www.prio-n.com
12
github action
code injection
csv file
security issue
api
spreadsheet program
version v1
nvd

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version v1. Users are advised to use v1 or later. There are no known workarounds for this issue.

CPENameOperatorVersion
ghas-to-csvlt1

Related

osv 2
github 1
cve 1
nvd 1
cvelist 1
osv
osv
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
2022-09-16 22:06:55
CVE-2022-39217
2022-09-17 00:15:10
github
github
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
2022-09-16 22:06:55
cve
cve
CVE-2022-39217
2022-09-17 00:15:10
nvd
nvd
CVE-2022-39217
2022-09-17 00:15:10
cvelist
cvelist
CVE-2022-39217 Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv
2022-09-16 23:20:10

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON
Related for PRION:CVE-2022-39217
osv2github1cve1nvd1cvelist1