Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.
References
Link | Resource |
---|---|
https://github.com/pimcore/pimcore/pull/9992 | Patch Third Party Advisory |
https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-08-18T14:45:10
Updated: 2021-08-18T14:45:10
Reserved: 2021-07-29T00:00:00
Link: CVE-2021-37702
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-18T15:15:07.920
Modified: 2021-08-26T01:10:59.447
Link: CVE-2021-37702
JSON object: View
Redhat Information
No data.
CWE