Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSV Injection in exported history CSV files
Vulnerability Description
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
CWE-1236
Vulnerability Title
Thinkst Canarytokens 安全漏洞
Vulnerability Description
Thinkst Canarytokens是一套网络活动跟踪系统。 Thinkst Canarytokens sha-c595a1f8之前版本存在安全漏洞,该漏洞源于容易受到CSV注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A