CVE-2021-43515
HIGH7.8EPSS 0.50%Improper Neutralization of Formula Elements in a CSV File in Kimai 2
Published: 4/9/2022Modified: 11/8/2023
Also known as:GHSA-64fq-9c6w-rq44
Description
A CSV Injection vulnerablity exists in Kimai Kimai 2 prior to 1.14.1 via a description in a new timesheet.
Affected packages (1)
- Packagist/kevinpapst/kimai2from 0, < 1.14.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-43515
- PATCHhttps://github.com/kevinpapst/kimai2
- WEBhttps://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf
- WEBhttps://github.com/kevinpapst/kimai2/pull/2532