CVE-2023-2629 MEDIUM

CVE-2023-2629: Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework

Vendor Pimcore
Product pimcore/customer-data-framework
Weakness CWE-1236
Published May 10, 2023
Last update January 27, 2025

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L

What the vulnerability does

01Description

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.

Key dates

02Disclosure timeline

May 10, 2023 CVE published
January 27, 2025 Record updated