Lucene search
K

5079 matches found

OSV
OSV
added 2021/11/26 8:15 p.m.22 views

PYSEC-2021-866

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8CVSS3AI score0.01205EPSS
Exploits1References3
CVE
CVE
added 2021/11/26 8:5 p.m.81 views

CVE-2021-23654

The CVE-2021-23654 issue affects all versions of the html-to-csv package. A vulnerability exists where a formula embedded in an HTML page is accepted without validation and is carried over when converting to CSV, enabling a malicious actor to embed or generate a malicious link or execute commands...

9.8CVSS7.5AI score0.01205EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/26 8:5 p.m.19 views

CVE-2021-23654 Improper Input Validation

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

5.6CVSS9.8AI score0.01205EPSS
Exploits1References2
Veracode
Veracode
added 2021/11/25 8:12 a.m.25 views

CSV Injection

symfony/serializer is vulnerable to CSV Injection. The vulnerability exists in a private variable used in flatten function of CsvEncoder.php as it doesn't properly encode the formulas which allows an attacker to inject arbitrary CSV formulas and code...

6.5CVSS4.2AI score0.01355EPSS
Exploits0References11Affected Software2
CNVD
CNVD
added 2021/11/25 12:0 a.m.14 views

IBM Planning Analytics Injection Vulnerability

IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. The solution supports automated execution of business planning, budgeting, and analysis processes.IBM Planning Analytics has a security vulnerability that stems from incorrect validation of csv file content...

9.3CVSS3.6AI score0.01751EPSS
Exploits0References1
OSV
OSV
added 2021/11/24 9:1 p.m.30 views

GHSA-2XHG-W2G5-W95X CSV Injection in symfony/serializer

Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...

6.5CVSS6.1AI score0.01355EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2021/11/24 9:1 p.m.45 views

CSV Injection in symfony/serializer

Description ----------- CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program opens a CSV, any cell starting with = is interpreted by the software as a formula and could be abused by an attacker. In Symfony 4.1, we'...

6.5CVSS1.4AI score0.01355EPSS
Exploits0References13Affected Software2
NVD
NVD
added 2021/11/24 7:15 p.m.30 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS0.01355EPSS
Exploits0References6
OSV
OSV
added 2021/11/24 7:15 p.m.1 views

DEBIAN-CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.4AI score0.01355EPSS
Exploits0References1
OSV
OSV
added 2021/11/24 7:15 p.m.21 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.7AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2021/11/24 7:15 p.m.33 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.6AI score0.01355EPSS
Exploits0References7
Prion
Prion
added 2021/11/24 7:15 p.m.17 views

Design/Logic Flaw

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

4CVSS6.6AI score0.01355EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2021/11/24 7:5 p.m.61 views

CVE-2021-41270 CSV Injection in Symfony

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.8AI score0.01355EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/11/24 7:5 p.m.26 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.6AI score0.01355EPSS
Exploits0
CVE
CVE
added 2021/11/24 7:5 p.m.105 views

CVE-2021-41270

CVE-2021-41270 (Symfony CSV Injection) affects Symfony/Serializer in Symfony PHP framework. The issue arises in the CsvEncoder where cells beginning with =, +, -, or @ could be treated as formulas. Initially, a tab prefix was used to escape these, but OWASP expanded the vulnerable set to include ...

6.5CVSS6.5AI score0.01355EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2021/11/24 5:15 p.m.15 views

CVE-2021-38873

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...

9.3CVSS0.01751EPSS
Exploits0References2
Prion
Prion
added 2021/11/24 5:15 p.m.24 views

Input validation

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...

9.3CVSS8AI score0.01751EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/24 4:15 p.m.42 views

CVE-2021-38873

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection due to improper validation of CSV content, enabling a remote attacker to execute arbitrary commands on the system. The affected product is IBM Planning Analytics 2.0 (Local), with remediation through applying the latest securit...

9.3CVSS8AI score0.01751EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/24 4:15 p.m.18 views

CVE-2021-38873

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396...

6.8CVSS7.8AI score0.01751EPSS
Exploits0References2
Fedora
Fedora
added 2021/11/24 1:20 a.m.30 views

[SECURITY] Fedora 35 Update: libxls-1.6.2-5.fc35

This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...

6.5CVSS6.4AI score0.01122EPSS
Exploits0
Rows per page
Query Builder