High severity 8.8 · NVD Advisory · Published Oct 24, 2017 · Updated May 13, 2026
CVE-2017-15879
Description
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keystone (npm) | < 4.0.0-beta7 | 4.0.0-beta7 |
Affected products: 1
Patches
No patches discovered yet.
References
- github.com/keystonejs/keystone/pull/4478 (nvd: Issue Tracking, Patch, Third Party Advisory, WEB)
- github.com/advisories/GHSA-6494-v9fq-fgq2 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-15879 (ghsa: ADVISORY)
- packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html (nvd: Third Party Advisory, VDB Entry, WEB)
- www.exploit-db.com/exploits/43053/ (nvd: Third Party Advisory, VDB Entry)
- www.exploit-db.com/exploits/43053 (ghsa: WEB)