Moderate severity · NVD Advisory · Published Aug 18, 2021 · Updated Aug 4, 2024
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
CVE-2021-37702
Description
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pimcore/pimcore (Packagist) | < 10.1.1 | 10.1.1 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
- github.com/advisories/GHSA-pp2h-95hm-hv9r (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-37702 (ghsa; ADVISORY)
- github.com/pimcore/pimcore/pull/9992 (ghsa; x_refsource_MISC; WEB)
- github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r (ghsa; x_refsource_CONFIRM; WEB)