Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
CVE-2023-2258

8.8HIGH

Key Information:

Vendor: Alfio-event
Status: Alfio-event/alf.io
Vendor: CVE Published:; 24 April 2023

🔔 Create Alfio-event Vulnerability Alert

What is CVE-2023-2258?

Alf.io versions prior to 2.0-M4-2304 contain a vulnerability that arises from improper neutralization of formula elements in CSV files. This flaw could potentially allow attackers to manipulate CSV file entries, leading to unintended code execution or data corruption when these files are processed by applications that do not handle such elements securely. Proper input validation and sanitization are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

alfio-event/alf.io < 2.0-M4-2304

References

https://github.com/alfio-event/alf.io/commit/94e2923a3174...

https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2023
Vulnerability Reserved
Apr 24, 2023