Older versions of CSV-Safe gem don't filter out special characters which could trigger CSV Injection. (< 3.0.0) [CVE-2022-28481] #7

Closed
danishtariqq opened this issue Mar 10, 2022 · 7 comments


@danishtariqq
Contributor

danishtariqq commented Mar 10, 2022

Older versions of CSV-Safe gem don't filter out special characters which could trigger CSV Injection. (< 3.0.0)

Vulnerability Type
CSV Injection

Product
csv-safe

Affected Product Code Base
CSV-safe - <3.0.0 are affected

Affected Component
Sanitization of CSV Injection vectors.

Attack Type
Remote

Attack Vector
%0A-3+3+cmd|' /C calc'!D2 could be used to bypass CSV injection sanitizations in older versions.

Credits
Danish Tariq
Ali Hassan Ghori
Hassan Khan Yusufzai

Fixed by
Gabriel Rios - #8

References
https://github.com/zvory/csv-safe
#8
https://hackerone.com/reports/223999
WeblateOrg/weblate@d9e136f
https://bugzilla.mozilla.org/show_bug.cgi?id=1259881
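
An added example, not code from csv-safe or from this thread: a Ruby check of the kind the report concerns, which flags a cell whose first character, or first character after leading whitespace such as a newline, is a formula trigger, and prefixes it with a single quote. The trigger list, the function names and the sample row are assumptions made for the illustration; the second and third sample cells are the vector quoted in the issue, as posted and with `%0A` decoded.

```ruby
# Leading characters treated as formula/command triggers in this sketch
# (an assumed list, not csv-safe's): the usual "=", "+", "-", "@", tab and CR,
# plus "%" and "|", which appear in the vector quoted in the issue.
TRIGGERS = ["=", "+", "-", "@", "%", "|", "\t", "\r"].freeze

# Returns the trigger character that would lead the cell, or nil if none.
# The first character is checked as-is, then again after leading whitespace
# (including "\n") is skipped, so a newline cannot hide a trigger.
def leading_trigger(value)
  text = value.to_s
  [text[0], text.lstrip[0]].compact.find { |ch| TRIGGERS.include?(ch) }
end

# Prefix a single quote so the cell no longer begins with a trigger.
def neutralize(value)
  leading_trigger(value) ? "'#{value}" : value.to_s
end

# Audit a row: [column index, trigger] for every flagged cell, suitable for
# logging before the neutralized row is written out.
def flagged_cells(row)
  row.each_with_index.map do |cell, i|
    trigger = leading_trigger(cell)
    trigger ? [i, trigger] : nil
  end.compact
end

# Constructed sample row (hypothetical data apart from the issue's vector).
SAMPLE_ROW = [
  "Alice",
  "%0A-3+3+cmd|' /C calc'!D2",   # vector as posted in the issue
  "\n-3+3+cmd|' /C calc'!D2",    # same vector with %0A decoded to a newline
  "plain text",
].freeze

def sanitized_sample
  SAMPLE_ROW.map { |cell| neutralize(cell) }
end

if $PROGRAM_NAME == __FILE__
  puts flagged_cells(SAMPLE_ROW).inspect
  puts sanitized_sample.inspect
end
```

A check this broad also quotes legitimate values such as negative numbers, so the audit output is worth reviewing when exports carry numeric data.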

@zvory
Owner

zvory commented Mar 17, 2022

Thank you.

@danishtariqq
Contributor Author

#8

@danishtariqq
Contributor Author

@zvory Can we claim a CVE for this? I.e., the older version was not secured properly to filter enough characters against CSV Injection, so it was not fully secure and thus could be a cause of vulnerability in applications using older versions of the csv-safe gem.

The steps that need to be done could be simply putting it in the Security advisory of your repository and adding details on why the newer version was created.

@zvory
Owner

zvory commented Mar 24, 2022

@danishtariqq Could you put up a PR?

@danishtariqq
Contributor Author

> @danishtariqq Could you put up a PR?

#8 @zvory

@zvory
Owner

zvory commented Mar 27, 2022

@danishtariqq Oh sorry I meant for the CVE. I assumed that went into the repo. If it doesn't, feel free to make one! Sounds like a good idea.

@danishtariqq danishtariqq changed the title More special characters needs to be filtered out for a better security Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (> 3.0.0) Mar 28, 2022
@danishtariqq danishtariqq changed the title Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (> 3.0.0) Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0) Mar 28, 2022
@danishtariqq
Contributor Author

@zvory - #9

@danishtariqq danishtariqq changed the title Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0) Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0) [CVE-2022-28481] May 2, 2022