cnvd - cnvd-2020-03828

cnvd-2020-03828

Vulnerability from cnvd

Title

KeePass CSV注入漏洞

Description

KeePass是一款免费开源密码管理器，可帮助您以安全的方式管理密码。 KeePass 2.4.1及更早版本存在CSV注入漏洞，攻击者可通过CSV导出的title字段利用该漏洞进行CSV注入攻击。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://keepass.info/

Reference

https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a https://nvd.nist.gov/vuln/detail/CVE-2019-20184

Impacted products

Name
KeePass KeePass <=2.4.1

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-20184",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20184"
    }
  },
  "description": "KeePass\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u6e90\u5bc6\u7801\u7ba1\u7406\u5668\uff0c\u53ef\u5e2e\u52a9\u60a8\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u7ba1\u7406\u5bc6\u7801\u3002\n\nKeePass 2.4.1\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728CSV\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7CSV\u5bfc\u51fa\u7684title\u5b57\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884cCSV\u6ce8\u5165\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://keepass.info/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03828",
  "openTime": "2020-02-05",
  "products": {
    "product": "KeePass KeePass \u003c=2.4.1"
  },
  "referenceLink": "https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20184",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-09",
  "title": "KeePass CSV\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2019-20184 (GCVE-0-2019-20184)

Vulnerability from cvelistv5

Published

2020-01-09 21:09

Modified

2024-08-05 02:39

Severity ?

CWE

n/a

Summary

KeePass 2.4.1 allows CSV injection in the title field of a CSV export.

References

URL

Tags

https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "KeePass 2.4.1 allows CSV injection in the title field of a CSV export."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-09T21:09:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KeePass 2.4.1 allows CSV injection in the title field of a CSV export."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a",
              "refsource": "MISC",
              "url": "https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20184",
    "datePublished": "2020-01-09T21:09:41",
    "dateReserved": "2019-12-31T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.