CVE-2022-28481

Опубликовано: 01 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

https://github.com/zvory/csv-safe
Product
Third Party Advisory
https://github.com/zvory/csv-safe/issues/7
Exploit
Issue Tracking
Third Party Advisory
https://github.com/zvory/csv-safe/pull/8
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/zvory/csv-safe
Product
Third Party Advisory
https://github.com/zvory/csv-safe/issues/7
Exploit
Issue Tracking
Third Party Advisory
https://github.com/zvory/csv-safe/pull/8
Exploit
Issue Tracking
Patch
Third Party Advisory

Конфигурация 1

cpe:2.3:a:csv-safe_project:csv-safe:*:*:*:*:*:ruby:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 62%

0.00424

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

CWE-1236

GHSA-f55g-x8qq-2569