Описание
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened.
EPSS
Процентиль: 25%
0.00087
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-1236
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened.
EPSS
Процентиль: 25%
0.00087
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-1236