Description
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhvv-3jww-c487. This link is maintained to preserve external references.
Original Description
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-51763
- https://github.com/activeadmin/activeadmin/pull/8161
- https://github.com/activeadmin/activeadmin/commit/697be2b183491beadc8f0b7d8b5bfb44f2387909
- https://github.com/activeadmin/activeadmin/releases/tag/v3.2.0
- https://github.com/advisories/GHSA-rqxc-9p8h-xqgq
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activeadmin/CVE-2023-51763.yml
Packages
Name: activeadmin (rubygems)
Affected versions: < 3.2.0
Fixed version: 3.2.0
8.4 High
CVSS3
Weaknesses
CWE-1236