Lucene search
Veracode Vulnerability DatabaseVERACODE:47165HistoryMay 24, 2024 - 7:58 a.m.
CSV Injection
2024-05-2407:58:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
ghost
csv injection
input sanitization
spreadsheet application
export
Ghost is vulnerable to CSV Injection. The vulnerability is due to inadequate input sanitization during member CSV export, allowing malicious content to be injected into CSV files, and executed when opened by a spreadsheet application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @tryghost/members-csv | le | 1.2.16 | |
| ghost | le | 5.81.1 | |
| @tryghost/members-csv | le | 1.2.16 | |
| ghost | le | 5.81.1 |
Related
osv
osv
Ghost allows CSV Injection during member CSV export
2024-05-22 18:30:40
nvd
nvd
CVE-2024-34448
2024-05-22 16:15:10
github
github
Ghost allows CSV Injection during member CSV export
2024-05-22 18:30:40
cvelist
cvelist
CVE-2024-34448
1976-01-01 00:00:00
cve
cve
CVE-2024-34448
2024-05-22 16:15:10