Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
CVE-2022-2112

9CRITICAL

Key Information:

Vendor

Inventree

Status
Inventree/inventree
Vendor
CVE Published:
17 June 2022

What is CVE-2022-2112?

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

Affected Version(s)

inventree/inventree < 0.7.2

References

https://github.com/inventree/inventree/commit/26bf51c20a1...
x_refsource_MISC
https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee...
x_refsource_CONFIRM

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.