CVE-2020-15255

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 8.7

CVSS3: 7.3

CVSS2: 6

EPSS Низкий

Описание

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.

Ссылки

http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f
Patch
Third Party Advisory
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv
Third Party Advisory
https://www.exploit-db.com/exploits/49027
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f
Patch
Third Party Advisory
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv
Third Party Advisory
https://www.exploit-db.com/exploits/49027
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*

Версия до 1.19.23.5325 (исключая)

EPSS

Процентиль: 78%

0.01181

Низкий

8.7 High

CVSS3

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-74

CWE-1236

EPSS

Процентиль: 78%

0.01181

Низкий

8.7 High

CVSS3

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-74

CWE-1236