CVE-2021-46363

Name of the Vulnerable Software and Affected Versions Magnolia versions 6.2.3 and below

Description An issue in the Export function of Magnolia allows attackers to perform Formula Injection attacks via crafted CSV/XLS files, potentially resulting in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. Attackers can execute arbitrary code via a crafted CSV/XLS file.

Recommendations For Magnolia versions 6.2.3 and below, consider disabling the Export function until a patch is available to prevent arbitrary code execution via crafted CSV/XLS files. Restrict access to the Export function to minimize the risk of exploitation. Avoid using the Export function with Microsoft Excel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.