Lucene search
GoogleOSV:GHSA-P9QJ-4RJP-J3W9HistoryMay 13, 2022 - 1:07 a.m.
Apache Directory Studio Command Injection
2022-05-1301:07:08
Google
osv.dev
7
apache directory studio
ldap
command injection
csv export
security vulnerability
EPSS
0.001
Percentile
39.5%
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
References
directory.apache.org/studio/news.html
github.com/apache/directory-studio
github.com/apache/directory-studio/commit/ac57a26fcb98aa17fe9534575cf5fdad00a1c839
lists.apache.org/thread.html/reb5443aaf781b364896ee9d7cf6e97fdc4f5a5174132c319252963b6@%3Ccommits.directory.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2015-5349
web.archive.org/web/20201209040832/www.securityfocus.com/archive/1/537225/100/0/threaded
Related
debiancve
debiancve
CVE-2015-5349
2016-04-11 21:59:06
cvelist
cvelist
CVE-2015-5349
2016-04-11 21:00:00
nvd
nvd
CVE-2015-5349
2016-04-11 21:59:06
prion
prion
Design/Logic Flaw
2016-04-11 21:59:00
github
github
Apache Directory Studio Command Injection
2022-05-13 01:07:08
cve
cve
CVE-2015-5349
2016-04-11 21:59:06