In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f | Patch Third Party Advisory |
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv | Third Party Advisory |
https://www.exploit-db.com/exploits/49027 | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f | Patch Third Party Advisory |
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv | Third Party Advisory |
https://www.exploit-db.com/exploits/49027 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 05:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.7 |
References | () http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f - Patch, Third Party Advisory | |
References | () https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/49027 - Exploit, Third Party Advisory, VDB Entry |
18 Nov 2021, 16:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1236 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 7.3 |
References | (MISC) http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.exploit-db.com/exploits/49027 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2020-10-16 17:15
Updated : 2024-11-21 05:05
NVD link : CVE-2020-15255
Mitre link : CVE-2020-15255
CVE.ORG link : CVE-2020-15255
JSON object : View
Products Affected
anuko
- time_tracker