Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
CVE-2023-2258

8.8HIGH

Key Information:

Vendor: Alfio-event
Status: Alfio-event/alf.io
Vendor: CVE Published:; 24 April 2023

🔔 Create Alfio-event Vulnerability Alert

What is CVE-2023-2258?

Alf.io versions prior to 2.0-M4-2304 contain a vulnerability that arises from improper neutralization of formula elements in CSV files. This flaw could potentially allow attackers to manipulate CSV file entries, leading to unintended code execution or data corruption when these files are processed by applications that do not handle such elements securely. Proper input validation and sanitization are crucial to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

alfio-event/alf.io < 2.0-M4-2304

References

https://github.com/alfio-event/alf.io/commit/94e2923a3174...

https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2023
Vulnerability Reserved
Apr 24, 2023

JSON

Alfio-event

What is CVE-2023-2258?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.