Package
jshmrtn/hygeia/pkgs/container/hygeia
(GitHub Packages)
Affected versions
> 1.11.0
Impact
- All CSV Exports contain a CSV Injection Vulnerability
- BAG MED Exports
- Statistics Exports
Exploit
- A user enters a malicious formula into one of the exported fields
- Another user exports the data
- Opens the file with an editor like Excel
- The malicious formula is executed
This vulnerability has been discovered at a penetration test. It has not been exploited.
Patches
Workarounds
None
References
For more information
If you have any questions or comments about this advisory:
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
Impact
Exploit
This vulnerability has been discovered at a penetration test. It has not been exploited.
Patches
Workarounds
None
References
For more information
If you have any questions or comments about this advisory: