GHSA-f8hp-grmr-pp7j

Source

https://github.com/advisories/GHSA-f8hp-grmr-pp7j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-f8hp-grmr-pp7j/GHSA-f8hp-grmr-pp7j.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f8hp-grmr-pp7j

Aliases

CVE-2023-29918

Published

2023-05-02T18:30:20Z

Modified

2024-02-16T08:21:41.709495Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

RosarioSIS vulnerable to CSV Injection

Details

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

Database specific

{
    "nvd_published_at": "2023-05-02T16:15:09Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1236"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-02T23:13:23Z"
}

References

Affected packages

Packagist / francoisjacquet/rosariosis

Package

Name: francoisjacquet/rosariosis
Purl: pkg:composer/francoisjacquet/rosariosis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

10.8.4

Affected versions

v5.*

v5.0-beta3

v5.0-beta4

v5.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.1-beta

v5.1

v5.1.1

v5.2-beta

v5.2

v5.3-beta

v5.3

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.4-beta

v5.4

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.4.6

v5.4.7

v5.5-beta

v5.5-beta2

v5.5-beta3

v5.5

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6-beta

v5.6

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.7

v5.7.1

v5.7.2

v5.7.3

v5.7.4

v5.7.5

v5.7.6

v5.7.7

v5.8-beta

v5.8-beta2

v5.8-beta3

v5.8-beta4

v5.8-beta5

v5.8

v5.8.1

v5.9-beta2

v5.9-beta3

v5.9

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v6.*

v6.0-beta

v6.0

v6.1

v6.2

v6.2.1

v6.2.2

v6.2.3

v6.3

v6.4

v6.4.1

v6.4.2

v6.5

v6.5.1

v6.5.2

v6.6

v6.6.1

v6.7

v6.7.1

v6.7.2

v6.8-beta

v6.8

v6.8.1

v6.9-beta

v6.9

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v7.*

v7.0-beta

v7.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.2

v7.2.1

v7.2.2

v7.2.3

v7.2.4

v7.3

v7.3.1

v7.4

v7.5

v7.6

v7.6.1

v7.7

v7.8

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.9

v7.9.1

v7.9.2

v7.9.3

v8.*

v8.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1

v8.1.1

v8.2

v8.2.1

v8.3

v8.3.1

v8.4

v8.5

v8.5.1

v8.5.2

v8.6

v8.6.1

v8.7

v8.8

v8.9

v8.9.1

v8.9.2

v8.9.3

v8.9.4

v8.9.5

v8.9.6

v9.*

v9.0

v9.1

v9.1.1

v9.2.2

v9.3

v9.3.1

v9.3.2

v10.*

v10.1

v10.2

v10.2.1

v10.2.2

v10.2.3

v10.3

v10.3.1

v10.3.2

v10.3.3

v10.4

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.5

v10.5.1

v10.5.2

v10.6

v10.6.1

v10.6.2

v10.6.3

v10.7

v10.7.1

v10.8

v10.8.1

v10.8.2

v10.8.3

v10.8.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-f8hp-grmr-pp7j/GHSA-f8hp-grmr-pp7j.json"