CVE-2021-43515

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43515

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43515.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43515

Aliases

GHSA-64fq-9c6w-rq44

Published

2022-04-08T17:15:08Z

Modified

2024-09-03T03:57:26.537649Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.

References

https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf

Affected packages

Git / github.com/kimai/kimai

Affected ranges

Type: GIT
Repo: https://github.com/kimai/kimai
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dad1b8b772947f1596175add1b4f33b791705507

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.6.1

0.7

0.8

0.8.1

0.9

1.*

1.0

1.0.1

1.1

1.10

1.10.1

1.10.2

1.11

1.11.1

1.12

1.13

1.14

1.2

1.3

1.4

1.4.1

1.4.2

1.5

1.6

1.6.1

1.6.2

1.7

1.8

1.9