Описание
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Impact
Data Object CSV import allows formular injection.
Patches
Problem is patched in 10.1.1
Workarounds
Apply https://github.com/pimcore/pimcore/pull/9992.patch
References
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.1.1
10.1.1
Связанные уязвимости
CVSS3: 8
nvd
больше 4 лет назад
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.