Lucene search
Veracode Vulnerability DatabaseVERACODE:47165HistoryMay 24, 2024 - 7:58 a.m.
CSV Injection
2024-05-2407:58:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
ghost
csv injection
input sanitization
spreadsheet application
export
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
Low
Ghost is vulnerable to CSV Injection. The vulnerability is due to inadequate input sanitization during member CSV export, allowing malicious content to be injected into CSV files, and executed when opened by a spreadsheet application.
Related
nvd
nvd
CVE-2024-34448
2024-05-22 16:15:10
osv
osv
Ghost allows CSV Injection during member CSV export
2024-05-22 18:30:40
github
github
Ghost allows CSV Injection during member CSV export
2024-05-22 18:30:40
cve
cve
CVE-2024-34448
2024-05-22 16:15:10
vulnrichment
vulnrichment
CVE-2024-34448
1976-01-01 00:00:00
cvelist
cvelist
CVE-2024-34448
1976-01-01 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
Low
Related for VERACODE:47165