CVE-2026-9673
MEDIUM (6.8) CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Risk Signal Score: 17/100 (LOW)
- CVSS 6.8 (Medium)
EPSS score: 0% (exploit probability, 30 days)
CVSS score: 6.8 (technical severity)
Description
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.
GitHub Advisories
GHSA-g27c-q7cp-mhx6 (MEDIUM)
json-2-csv vulnerable to CSV Injection via the preventCsvInjection optio
npm/json-2-csv → 5.5.11
References
- https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613
- https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410
- https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce196...
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-17115116
- https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326