Описание
Keystone is vulnerable to CSV injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Пакеты
Наименование
keystone
npm
Затронутые версииВерсия исправления
<= 4.0.0-beta5
4.0.0-beta7
Связанные уязвимости
CVSS3: 8.8
nvd
больше 8 лет назад
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.