all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CSV/Formula Injection in Medplum

Add to bookmarks
March 28, 2024, 10:21 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

CSV/Formula Injection in Medplum


CVE Number

CVE-2024-29381


Loginsoft ID

Loginsoft-2024-1012


Description

The application “Medplum” is affected by CSV/formula injection vulnerability, posing a risk of exposing sensitive data. An attacker could inject a malicious payload into input fields. Subsequently, when a high-privileged user exports the data as CSV, the injected payload may be executed.


CWE

CWE-1236: Improper Neutralization of Formula Elements in a CSV File


Affected Versions

< v3.0.8


CVSS

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 6.8(Medium)


Steps To Reproduce


  1. Create a new …

application attacker csv cve cve-2024 cwe data exports exposing high inject injection input malicious malware analysis may payload privileged privileged user risk sensitive sensitive data vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 8 hours ago | malware.news
acquisition article cybersecurity darktrace +5
Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 9 hours ago | malware.news
amp and response april arctic +20
CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 9 hours ago | malware.news
april avalanche components critical +19
Showcasing Artwork by Max for Autism Awareness Month 10 hours ago | malware.news
art article artwork autism +6
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 11 hours ago | malware.news
article cisco deepfakes flowmon +6
Kaiser Permanente notifies 13.4M patients of potential data exposure 11 hours ago | malware.news
apps article data data exposure +16
Impact of organizational structure on ransomware outcomes: Where does your org fit in? 11 hours ago | malware.news
article challenges core security detection +15
VA is warning veterans about Change Healthcare cyberattack, secretary says 12 hours ago | malware.news
alerting article attack change +14
Outsmarting the Adversaries: How AI is Transforming Threat Detection & Response 12 hours ago | malware.news
abnormal adlumin adversaries amp +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior InfoSec Manager - Risk and Compliance

@ Federal Reserve System | Remote - Virginia
View on infosec-jobs.com

Security Analyst

@ Fortra | Mexico
View on infosec-jobs.com

Incident Responder

@ Babcock | Chester, GB, CH1 6ER
View on infosec-jobs.com

Vulnerability, Access & Inclusion Lead

@ Monzo | Cardiff, London or Remote (UK)
View on infosec-jobs.com

Information Security Analyst

@ Unissant | MD, USA
View on infosec-jobs.com
View more jobs