Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-40848

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.

Related bugs and status

CVE-2021-40848 (Candidate) is related to these bugs:

Bug #1930471: Exporting of CSV files needs to sanitize data

		In	Importance	Status
1930471	Exporting of CSV files needs to sanitize data	Mahara	High	Fix Released
1930471	Exporting of CSV files needs to sanitize data	Mahara 20.04	High	Fix Released
1930471	Exporting of CSV files needs to sanitize data	Mahara 20.10	High	Fix Released
1930471	Exporting of CSV files needs to sanitize data	Mahara 21.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: https://mahara.org/int...