CVE-2025-61873

Опубликовано: 16 янв. 2026

Источник: debian

EPSS Низкий

Описание

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

Пакет	Статус	Версия исправления	Релиз	Тип
request-tracker5	fixed	5.0.7+dfsg-5		package
request-tracker4	unfixed			package

Fixed by: https://github.com/bestpractical/rt/commit/cade8b90c696e8c08438be2cb469a78342b5cb0f (rt-5.0.9)
Fixed by: https://github.com/bestpractical/rt/commit/2f5798fee46155a947f57dfafed2542f03906dd7 (rt-4.4.9)

EPSS

Процентиль: 8%

0.0003

Низкий

CVE-2025-61873

CVSS3: 2.6

ubuntu

22 дня назад

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

CVE-2025-61873

CVSS3: 2.6

nvd

22 дня назад

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

GHSA-3rc2-78m3-cqmh

CVSS3: 2.6

github

22 дня назад

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

EPSS

Процентиль: 8%

0.0003

Низкий