How severe is CVE-2024-53260?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-53260?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2024-53260 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This could lead to leakage of information of students in the course roster by sending the data to a remote endpoint. This issue has been patched in the source code repository and the fix is expected to be released in the next version. Users are advised to manually patch their systems or to wait for the next release. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2018-9137

MEDIUM

CVSS:6.8(Medium)

Open-AudIT before 2.2 has CSV Injection.

CWE-12362018

CVE-2019-20180

MEDIUM

CVSS:6.8(Medium)

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that...

CWE-12362019

CVE-2019-4071

MEDIUM

CVSS:6.8(Medium)

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper valida...

CWE-12362019

CVE-2020-4689

MEDIUM

CVSS:6.8(Medium)

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceI...

CWE-12362020

CVE-2021-36334

MEDIUM

CVSS:6.8(Medium)

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code ex...

CWE-12362021

CVE-2021-37131

MEDIUM

CVSS:6.8(Medium)

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV ...

CWE-12362021