1. Home
  2. CVE Database
  3. CVE-2021-41128
CRITICAL · 9.1

CVE-2021-41128

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Inject...

Vulnerability Description

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields and so malicious may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Hygeia ProjectHygeia>= 1.11.0, < 1.30.4

Related Weaknesses (CWE)

CWE-74

References

FAQ

What is CVE-2021-41128?

CVE-2021-41128 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Inject...

How severe is CVE-2021-41128?

CVE-2021-41128 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-41128?

Check the references section above for vendor advisories and patch information. Affected products include: Hygeia Project Hygeia.