VYPR
Moderate severityNVD Advisory· Published Aug 18, 2021· Updated Aug 4, 2024

Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

CVE-2021-37702

Description

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pimcore/pimcorePackagist
< 10.1.110.1.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.