exploitDog

CVE-2021-41824

Опубликовано: 30 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Craft CMS before 3.7.14 allows CSV injection.

Ссылки

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq
Third Party Advisory
https://twitter.com/craftcmsupdates/status/1442928690145366018
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3714---2021-09-28
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq
Third Party Advisory
https://twitter.com/craftcmsupdates/status/1442928690145366018
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия от 3.4.0 (включая) до 3.7.14 (исключая)

EPSS

Процентиль: 66%

0.0051

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-h7vq-5qgw-jwwq

CVSS3: 8.8

github

больше 4 лет назад

CSV Injection Vulnerability

EPSS

Процентиль: 66%

0.0051

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236