Some-Natalie

#44684 of 53,632
5.8 Total CVSS
Vulnerabilities · 1
PT-2022-24816
5.8
2022-09-16
Some Natalie · Ghas-To-Csv · CVE-2022-39217
**Name of the Vulnerable Software and Affected Versions**

some-natalie/ghas-to-csv versions prior to v1

**Description**

The issue arises from the GitHub Action creating a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code or formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program.

**Recommendations**

For versions prior to v1, update to version v1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of custom fields that may contain executable code or formulas in the GitHub Advanced Security API until the update is applied.