How severe is CVE-2024-28111?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-28111?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2024-28111 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue.

Related Vulnerabilities

CVE-2019-13181

MEDIUM

CVSS:6.5(Medium)

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CWE-12362019

CVE-2019-16959

MEDIUM

CVSS:6.5(Medium)

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CWE-12362019

CVE-2019-6187

MEDIUM

CVSS:6.5(Medium)

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC...

CWE-12362019

CVE-2020-4627

MEDIUM

CVSS:6.5(Medium)

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. ...

CWE-12362020

CVE-2021-41270

MEDIUM

CVSS:6.5(Medium)

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 befo...

CWE-12362021

CVE-2023-50448

MEDIUM

CVSS:6.5(Medium)

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain...

CWE-12362023