In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159996/Anuko-Time-Tracker-1.19.23.5325-CSV-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/anuko/timetracker/commit/d9472904361495f318c9d0294ffd28acaaeae42f | Patch Third Party Advisory |
https://github.com/anuko/timetracker/security/advisories/GHSA-prjf-9mgh-8fpv | Third Party Advisory |
https://www.exploit-db.com/exploits/49027 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-10-16T16:20:16
Updated: 2020-11-16T00:45:40
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15255
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-16T17:15:12.137
Modified: 2021-11-18T16:17:37.940
Link: CVE-2020-15255
JSON object: View
Redhat Information
No data.