How severe is CVE-2022-28481?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-28481?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2022-28481

Q: What is CVE-2022-28481?

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-1236

View all →

Vulnerability Description

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

CVE-2018-11652

CRITICAL

CVSS:9.8(Critical)

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV re...

CWE-12362018

CVE-2018-20752

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a us...

CWE-12362018

CVE-2018-8092

CRITICAL

CVSS:9.8(Critical)

Mautic before 2.13.0 allows CSV injection.

CWE-12362018

CVE-2019-0403

CRITICAL

CVSS:9.8(Critical)

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

CWE-12362019