ActiveAdmin CSV Injection leading to sensitive information disclosure
Impact In ActiveAdmin versions prior to 3.2.0, maliciously crafted spreadsheet formulas could be uploaded as part of admin data that, when exported to a CSV file and then imported into a spreadsheet program like LibreOffice, could lead to remote code execution and private data exfiltration. The...
Code injection
some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...
CVE-2022-39217 Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv
some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...
GHSA-634P-93H9-92VH ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2021-40848
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
Input validation
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
Joomla 3.6.x < 3.9.7 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.6.x prior to 3.9.7. It is, therefore, affected by the following vulnerabilities: - Joomla versions 3.8.13 prior to 3.9.7 are affected by a vulnerability where a non-admin user may manipulate the...
Weblate: CSV Injection with the CSV export feature - Glossary
Hi, the "Download as a CSV" feature of Weblate does not properly "escape" fields. Here is more information about this issue: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ Here is one method to reproduce this issue: 1 I can add new information in Glossary with a name...
libreoffice: Arbitrary file disclosure in Calc and Writer
It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim...
Fedora Update for gnumeric FEDORA-2014-0033
Check for the Version of gnumeric OpenVAS Vulnerability Test Fedora Update for gnumeric FEDORA-2014-0033 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 19 Update: gnumeric-1.12.9-1.fc19
Gnumeric is a spreadsheet program for the GNOME GUI desktop environment...
Fedora Update for gnumeric FEDORA-2008-1403
Check for the Version of gnumeric OpenVAS Vulnerability Test Fedora Update for gnumeric FEDORA-2008-1403 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gnumeric FEDORA-2008-1313
Check for the Version of gnumeric OpenVAS Vulnerability Test Fedora Update for gnumeric FEDORA-2008-1313 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Core 10 FEDORA-2009-1289 (gnumeric)
The remote host is missing an update to gnumeric announced via advisory FEDORA-2009-1289. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by t...
[SECURITY] Fedora 9 Update: gnumeric-1.8.2-4.fc9
Gnumeric is a spreadsheet program for the GNOME GUI desktop environment...
[SECURITY] Fedora 8 Update: gnumeric-1.6.3-14.fc8
Gnumeric is a spreadsheet program for the GNOME GUI desktop environment...