Back to search
CVE-2015-5349
Published: Apr 11, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://directory.apache.org/studio/news.html
x_refsource_CONFIRM
20160102 [SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
mailing-list
x_refsource_BUGTRAQ
[directory-commits] 20210724 [directory-site] branch master updated: Publish CVE-2021-33900
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now