Vulnerability Description
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Csv-Safe Project | Csv-Safe | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/zvory/csv-safeProductThird Party Advisory
- https://github.com/zvory/csv-safe/issues/7ExploitIssue TrackingThird Party Advisory
- https://github.com/zvory/csv-safe/pull/8ExploitIssue TrackingPatch
- https://github.com/zvory/csv-safeProductThird Party Advisory
- https://github.com/zvory/csv-safe/issues/7ExploitIssue TrackingThird Party Advisory
- https://github.com/zvory/csv-safe/pull/8ExploitIssue TrackingPatch
FAQ
What is CVE-2022-28481?
CVE-2022-28481 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.
How severe is CVE-2022-28481?
CVE-2022-28481 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28481?
Check the references section above for vendor advisories and patch information. Affected products include: Csv-Safe Project Csv-Safe.