CVE-2022-2112
published 2022-06-17CVE-2022-2112: Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
PriorityP339high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
1.18%
63.8th percentile
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inventree | inventree | >= 0 < 0.7.2 | 0.7.2 |
| inventree | inventree_inventree | >= unspecified < 0.7.2 | 0.7.2 |
| inventree_project | inventree | < 0.7.2 | 0.7.2 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.09.0CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CSV Injection in inventree
osv·2022-06-18
CVE-2022-2112 [HIGH] CSV Injection in inventree
CSV Injection in inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
GHSA
CSV Injection in inventree
ghsa·2022-06-18
CVE-2022-2112 [HIGH] CWE-1236 CSV Injection in inventree
CSV Injection in inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Citrix
Citrix Workspace App for Linux Security Update
vendor_citrix·CVSS 7.8
CVE-2022-21825 [HIGH] CWE-284 Citrix Workspace App for Linux Security Update
Citrix Workspace App for Linux Security Update
Vulnerability Type Pre-conditions CVE-2022-21825 Local privilege Escalation CWE-284: Improper Access Control Local user access to a system where Citrix Workspace App for Linux has been installed with App Protection. This vulnerability only affects Citrix Workspace app for Linux 2012 - 2111 and only exists if App Protection was installed as part of Citrix Workspace app for Linux. This vulnerability does not exist if App Protection is not installed. Citrix Workspace app for other platforms is not affected by this issue. Instructions This issue has been addressed in the following versions of Citrix Workspace app for Linux: Citrix Workspace App for Linux 2112 and later versions Citrix strongly recommends that affected customers upgrade to a
CVE
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-17
Published