PT-2021-23111 · Hygeia · Hygeia

Maennchen · Published 2021-10-06 · Updated 2021-10-14 · CVE-2021-41128

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Hygeia versions prior to 1.30.4

Description

The issue is a CSV injection vulnerability in the CSV Exports feature of Hygeia, an application used for collecting and processing personal and case data related to communicable diseases. Users can submit formulas in fields that are later exported, and those formulas are executed when the exported file is ingested. Because these formula fields are not validated or sanitized, malicious actors can construct and execute malicious code.

Recommendations

For versions prior to 1.30.4, upgrade to version 1.30.4 to resolve the issue.

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2021-41128
GHSA-8PWV-JHJ2-2369

Affected Products

Hygeia