Skip to content

Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Moderate
brusch published GHSA-pp2h-95hm-hv9r Aug 18, 2021

Package

composer pimcore/pimcore (Composer)

Affected versions

<10.1.1

Patched versions

10.1.1

Description

Impact

Data Object CSV import allows formular injection.

Patches

Problem is patched in 10.1.1

Workarounds

Apply https://github.com/pimcore/pimcore/pull/9992.patch

References

https://cwe.mitre.org/data/definitions/1236.html

Severity

Moderate

CVE ID

CVE-2021-37702

Weaknesses