|Topic||CSV Injection on node label|
|Affects||N2OS <v19.0.4, Guardian and CMC|
|CVE Risk Level||High|
|Risk Level for Nozomi customers||Medium|
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can be later executed on another system after another user has downloaded and opened the node list export.
Guardian/CMC starting before v19.0.4 are affected.
Upgrade to v19.0.4
2019-11-11: Initial revision
Jonas Becker - Deloitte GmbH