23 matches found
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application concerning the function “export_file” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
EUVD-2023-49889
Malicious code in bioql PyPI...
EUVD-2021-9906
Malicious code in bioql PyPI...
EUVD-2023-41139
Malicious code in bioql PyPI...
CVE-2021-22771
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...
CVE-2024-27785
An improper neutralization of formula elements in a CSV File CWE-1236 vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...
Design/Logic Flaw
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application concerning the function “export_file” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2023-45597
The CVE-2023-45597 entry describes a CWE-1236 vulnerability in the AiLux imx6 bundle, specifically in the file_configuration/export_file function. An authenticated, remote attacker can inject arbitrary formulas into generated CSV files due to improper neutralization of formula elements in CSV out...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application concerning the function “export_file” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2023-37219
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
Design/Logic Flaw
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
CVE-2023-37219 Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
CVE-2023-37219
CVE-2023-37219 concerns Tadiran Telecom Composit, where the CSV processing is vulnerable to improper neutralization of formula elements (CWE-1236). The vulnerability affects the product’s CSV handling component and is characterized by a high-impact profile (confidentiality, integrity, and availab...
CVE-2023-37219 Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
PT-2023-25837 · Tadiran Telecom · Tadiran Telecom Composit
Name of the Vulnerable Software and Affected Versions: Tadiran Telecom Composit (affected versions not specified). Description: The issue concerns improper neutralization of formula elements in a CSV file, which is classified as CWE-1236. This could potentially lead to unintended actions or data...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability CWE 1236 in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
GHSA-634P-93H9-92VH ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact: This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this 👇🏻 mermaid...
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact: This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this 👇🏻 mermaid...
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Impact: Data Object CSV import allows formula injection. Patches: Problem is patched in 10.1.1. Workarounds: Apply https://github.com/pimcore/pimcore/pull/9992.patch References: https://cwe.mitre.org/data/definitions/1236.html...
GHSA-PP2H-95HM-HV9R Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Impact: Data Object CSV import allows formula injection. Patches: Problem is patched in 10.1.1. Workarounds: Apply https://github.com/pimcore/pimcore/pull/9992.patch References: https://cwe.mitre.org/data/definitions/1236.html...