|Topic||CSV Injection on node label|
|Affects||Guardian, CMC < v19.0.4|
|CVE Risk Level||High|
|Risk Level for Nozomi customers||Medium|
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can be later executed on another system after another user has downloaded and opened the node list export.
Guardian/CMC starting before v19.0.4 are affected.
Guardian, CMC < v19.0.4
Upgrade to v19.0.4
We thank the following parties for their efforts: