logo

Database

Lack of data validation In @tryghost/members-csv

Description

Ghost allows CSV Injection during member CSV export Ghost before 5.82.0 allows CSV Injection during a member CSV export.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-344482. NVD-2024-344483. OSV-2024-344484. GCVE-2024-34448

References

1. https://github.com/TryGhost/Ghost/commit/de668e7950a019a204b2df0c84596ea0fa32cce62. https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.