5079 matches found
Design/Logic Flaw
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...
CVE-2021-23654
The CVE-2021-23654 issue affects all versions of the html-to-csv package. A vulnerability exists where a formula embedded in an HTML page is accepted without validation and is carried over when converting to CSV, enabling a malicious actor to embed or generate a malicious link or execute commands...
CVE-2021-23654 Improper Input Validation
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...
CSV Injection
symfony/serializer is vulnerable to CSV Injection. The vulnerability exists in a private variable used in flatten function of CsvEncoder.php as it doesn't properly encode the formulas which allows an attacker to inject arbitrary CSV formulas and code...
IBM Planning Analytics Injection Vulnerability
IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. The solution supports automated execution of business planning, budgeting, and analysis processes.IBM Planning Analytics has a security vulnerability that stems from incorrect validation of csv file content...
GHSA-2XHG-W2G5-W95X CSV Injection in symfony/serializer
Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...
CSV Injection in symfony/serializer
Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
DEBIAN-CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
Design/Logic Flaw
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2021-41270 CSV Injection in Symfony
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2021-41270
CVE-2021-41270 (Symfony CSV Injection) affects Symfony/Serializer in Symfony PHP framework. The issue arises in the CsvEncoder where cells beginning with =, +, -, or @ could be treated as formulas. Initially, a tab prefix was used to escape these, but OWASP expanded the vulnerable set to include ...
CVE-2021-38873
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...
Input validation
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...
CVE-2021-38873
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection due to improper validation of CSV content, enabling a remote attacker to execute arbitrary commands on the system. The affected product is IBM Planning Analytics 2.0 (Local), with remediation through applying the latest securit...
CVE-2021-38873
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...
[SECURITY] Fedora 35 Update: libxls-1.6.2-5.fc35
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...