High severityNVD Advisory· Published Apr 14, 2022· Updated Aug 4, 2024
CVE-2021-43257
CVE-2021-43257
Description
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mantisbt/mantisbtPackagist | < 2.25.3 | 2.25.3 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rg8f-5p7x-m6wvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-43257ghsaADVISORY
- github.com/mantisbt/mantisbt/commit/7f4534c723e3162b8784aebda4836324041dbc3eghsax_refsource_MISCWEB
- github.com/mantisbt/mantisbt/commit/99eb8d41cbacc703f88807898dcc9ac55eec0f15ghsaWEB
- www.mantisbt.org/bugs/view.phpghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.