CVE-2017-18049: Injection Vulnerability

January 23, 2018 (updated February 13, 2018)

In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.

References

nvd.nist.gov/vuln/detail/CVE-2017-18049
www.exploit-db.com/exploits/43396/
www.silverstripe.org/download/security-releases/ss-2017-007

Code Behaviors & Features

Detect and mitigate CVE-2017-18049 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →