PT-2020-10365 · Dominik Reichl+2 · Keepass+2

Published: 2020-01-09 · Updated: 2020-11-17 · CVE-2019-20184

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

KeePass version 2.4.1

Description

The issue allows CSV injection in the title field of a CSV export.

Recommendations

For version 2.4.1, avoid using the title field in CSV exports until a fix is available. As a temporary workaround, consider manually validating and sanitizing the title field data before exporting to CSV.
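
One way to carry out the validation and sanitization recommended above, as an added example that is not code from KeePass or from this advisory: it flags title values a spreadsheet would read as formulas and writes a CSV in which every cell is quoted and formula-leading cells are prefixed with an apostrophe. The column names, sample entries and function names are assumptions made for illustration.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula.
# Tab and carriage return are included because some importers strip them
# before evaluating the cell.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value: str) -> str:
    """Prefix an apostrophe so the cell is read as text, not as a formula."""
    if value.startswith(FORMULA_PREFIXES):
        return "'" + value
    return value


def flag_suspicious(entries, field="Title"):
    """Return the values of `field` that would be read as formulas."""
    return [e[field] for e in entries
            if str(e.get(field, "")).startswith(FORMULA_PREFIXES)]


def export_entries(entries, fields):
    """Return CSV text with every cell neutralized and quoted.

    csv.writer doubles embedded quotes, and QUOTE_ALL keeps separators and
    newlines inside a value from starting a new cell or row.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for entry in entries:
        writer.writerow([neutralize_cell(str(entry.get(f, ""))) for f in fields])
    return buf.getvalue()


# Constructed sample entries; the column names are assumed and are not
# taken from KeePass's export format.
SAMPLE = [
    {"Title": "Mail account", "User Name": "alice", "URL": "https://example.com"},
    {"Title": "=1+1", "User Name": "bob", "URL": "https://example.org"},
    {"Title": "@home wifi", "User Name": "carol", "URL": ""},
]

if __name__ == "__main__":
    print("Review before export:", flag_suspicious(SAMPLE))
    print(export_entries(SAMPLE, ["Title", "User Name", "URL"]))
```

The apostrophe changes the stored value, so any tool that re-imports the file has to strip it again; legitimate titles that begin with one of these characters are prefixed as well.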

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-20184

Affected Products

Debian
Keepass
Keepass2