High severity7.8NVD Advisory· Published Apr 11, 2016· Updated Jun 17, 2026
CVE-2015-5349
CVE-2015-5349
Description
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.coreMaven | < 2.0.0.v20151221-M10 | 2.0.0.v20151221-M10 |
Affected products
28cpe:2.3:a:apache:directory_studio:1.0.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:apache:directory_studio:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone4:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone5:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone6:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone7:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone8:*:*:*:*:*:*
- cpe:2.3:a:apache:directory_studio:2.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:ldap_studio:0.6.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:apache:ldap_studio:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ldap_studio:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ldap_studio:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ldap_studio:0.8.1:*:*:*:*:*:*:*
- ghsa-coordsRange: < 2.0.0.v20151221-M10
Patches
Vulnerability mechanics
References
8- directory.apache.org/studio/news.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-p9qj-4rjp-j3w9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5349ghsaADVISORY
- github.com/apache/directory-studio/commit/ac57a26fcb98aa17fe9534575cf5fdad00a1c839ghsaWEB
- lists.apache.org/thread.html/reb5443aaf781b364896ee9d7cf6e97fdc4f5a5174132c319252963b6@%3Ccommits.directory.apache.org%3EghsaWEB
- web.archive.org/web/20201209040832/http://www.securityfocus.com/archive/1/537225/100/0/threadedghsaWEB
- www.securityfocus.com/archive/1/537225/100/0/threadednvd
- lists.apache.org/thread.html/reb5443aaf781b364896ee9d7cf6e97fdc4f5a5174132c319252963b6%40%3Ccommits.directory.apache.org%3Envd
News mentions
0No linked articles in our index yet.