CSV/Formula Injection in Medplum
Malware Analysis, News and Indicators - Latest topics malware.news
CVE Number
CVE-2024-29381
Loginsoft ID
Loginsoft-2024-1012
Description
The application “Medplum” is affected by a CSV/formula injection vulnerability that poses a risk of exposing sensitive data. An attacker could inject a malicious payload into input fields. When a high-privileged user later exports the data as CSV, the injected payload may be executed.
CWE
CWE-1236: Improper Neutralization of Formula Elements in a CSV File
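CWE-1236 is a neutralization failure at the export step, so the check belongs where cell values are written to the CSV. The following is an added example, not Medplum's code and not part of the advisory: the names `neutralizeCell`, `quoteField` and `toCsv` are hypothetical, the sample values in the comments are constructed, and the trigger-character list follows OWASP's CSV injection guidance.

```typescript
// Added example: generic formula neutralization for a CSV export path.
// Hypothetical helper names; this is not Medplum's implementation.

type Cell = string | number | boolean | null | undefined;

// A string cell is treated as a formula by spreadsheet applications when it
// starts with = + - @, a tab or a carriage return. Leading whitespace is
// skipped as well, because some importers trim it before evaluating.
const FORMULA_START = /^\s*[=+\-@\t\r]/;

function neutralizeCell(value: Cell): string {
  if (value === null || value === undefined) {
    return "";
  }
  // Values that are typed as numbers or booleans are emitted unchanged,
  // so a legitimate negative number such as -42 is not altered.
  if (typeof value !== "string") {
    return String(value);
  }
  // A leading apostrophe makes the spreadsheet interpret the cell as text.
  // Constructed sample: "=1+1" becomes "'=1+1".
  return FORMULA_START.test(value) ? "'" + value : value;
}

function quoteField(text: string): string {
  // RFC 4180 quoting: wrap every field in double quotes and double any
  // embedded quote, so a value cannot break out into a neighbouring cell.
  return '"' + text.replace(/"/g, '""') + '"';
}

function toCsv(header: string[], rows: Cell[][]): string {
  // Header cells go through the same path as data cells.
  const all: Cell[][] = [header, ...rows];
  const lines = all.map((row) =>
    row.map((cell) => quoteField(neutralizeCell(cell))).join(",")
  );
  return lines.join("\r\n") + "\r\n";
}
```

The apostrophe prefix changes the stored text, so programs that parse the export rather than open it in a spreadsheet will see the extra character.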
Affected Versions
< v3.0.8
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 6.8 (Medium)
Steps To Reproduce
- Create a new …