4 matches found
GHSA-G27C-Q7CP-MHX6 json-2-csv vulnerable to CSV Injection via the preventCsvInjection optio
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...
json-2-csv 安全漏洞
json-2-csv is a JSON-to-CSV conversion tool developed by Michael Rodrigues. Versions of json-2-csv from 3.15.0 to 5.5.11 had security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the preventCsvInjection option, allowing attackers to inject formulas into the CSV...
PT-2026-44192
Name of the Vulnerable Software and Affected Versions json-2-csv versions 3.15.0 through 5.5.10 Description CSV Injection occurs when the preventCsvInjection option is bypassed, allowing an attacker to inject formulas into CSV files. These formulas execute automatically when the files are opened ...
CSV Injection
Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...