CSV-Safe improperly filters special characters potentially leading to CSV injection
Published: May 03, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-28481 (NVD)
- GHSA: GHSA-f55g-x8qq-2569
- Vendor Advisory: https://github.com/zvory/csv-safe/issues/7
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
>= 3.0.0
DESCRIPTION
The CSV-Safe gem before 3.0.0 does not filter out special characters that could trigger CSV injection.
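
To check whether a project locks an affected release, the following added example (not part of the advisory or of the csv-safe project) scans Gemfile.lock text for csv-safe versions below the patched 3.0.0. The helper names, the sample lockfiles and the 2.1.0 version string are constructed for illustration.

```ruby
require "rubygems" # Gem::Version (loaded by default; required here for clarity)

# First patched release, taken from PATCHED VERSIONS in this advisory.
PATCHED = Gem::Version.new("3.0.0")

# Returns every resolved csv-safe version in the lockfile text.
# Resolved specs are indented exactly four spaces: "    csv-safe (2.1.0)".
# Dependency constraints (six spaces, "~> 2.0") are deliberately not matched.
def locked_csv_safe_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}csv-safe \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[1])
    Gem::Version.new(m[1])
  end
end

# True when any locked csv-safe version is older than the patched release.
def vulnerable_csv_safe?(lockfile_text)
  locked_csv_safe_versions(lockfile_text).any? { |v| v < PATCHED }
end

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_OLD = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      csv-safe (2.1.0)

  DEPENDENCIES
    csv-safe
LOCK

SAMPLE_PATCHED = SAMPLE_OLD.sub("(2.1.0)", "(3.0.0)")

{ "old" => SAMPLE_OLD, "patched" => SAMPLE_PATCHED }.each do |name, text|
  status = vulnerable_csv_safe?(text) ? "affected (< 3.0.0)" : "not affected"
  puts "#{name}: #{status}"
end
```

For a real project, pass `File.read("Gemfile.lock")` to `vulnerable_csv_safe?`.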
