SecBoard
Zurück zur CVE-Übersicht

CVE-2026-9673

MEDIUM(6.8)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Risk Signal Score17/100 — NIEDRIG
  • CVSS 6.8 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.8

Technische Schwere

Beschreibung

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.

GitHub Advisories

GHSA-g27c-q7cp-mhx6MEDIUM

json-2-csv vulnerable to CSV Injection via the preventCsvInjection optio

npm/json-2-csv5.5.11
GitHub Advisory

Referenzen