{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28111", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.059Z", "datePublished": "2024-03-06T21:15:02.404Z", "dateUpdated": "2024-08-02T00:48:49.290Z"}, "containers": {"cna": {"title": "CSV Injection in exported history CSV files", "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "lang": "en", "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"}, {"name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "tags": ["x_refsource_MISC"], "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"}], "affected": [{"vendor": "thinkst", "product": "canarytokens", "versions": [{"version": "< sha-c595a1f8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T21:15:02.404Z"}, "descriptions": [{"lang": "en", "value": "Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue."}], "source": {"advisory": "GHSA-fqh6-v4qp-65fv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T16:35:12.352786Z", "id": "CVE-2024-28111", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T16:35:20.228Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.290Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"}, {"name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.290Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28111", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T16:35:12.352786Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T16:35:17.172Z"}}], "cna": {"title": "CSV Injection in exported history CSV files", "source": {"advisory": "GHSA-fqh6-v4qp-65fv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "thinkst", "product": "canarytokens", "versions": [{"status": "affected", "version": "< sha-c595a1f8"}]}], "references": [{"url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "name": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "name": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1236", "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T21:15:02.404Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28111", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:49.290Z", "dateReserved": "2024-03-04T14:19:14.059Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-06T21:15:02.404Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thinkst:canarytokens:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A98986-2BA6-4270-9F0C-C6D99E059E2D", "versionEndExcluding": "sha-c595a1f8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue."}, {"lang": "es", "value": "Canarytokens ayuda a rastrear la actividad y las acciones en una red. Canarytokens.org admite la exportaci\u00f3n del historial de incidentes de un Canarytoken en formato CSV. La generaci\u00f3n de estos archivos CSV es vulnerable a una vulnerabilidad de inyecci\u00f3n CSV. Esta falla puede ser utilizada por un atacante que descubre un Canarytoken basado en HTTP para atacar al propietario del Canarytoken, si el propietario exporta el historial de incidentes a CSV y lo abre en una aplicaci\u00f3n de lectura como Microsoft Excel. El impacto es que este problema podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en la m\u00e1quina en la que se abre el archivo CSV. La versi\u00f3n sha-c595a1f8 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2024-28111", "lastModified": "2025-12-05T16:25:22.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-06T22:15:57.780", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T11:15:15.669726+00:00", "updated": "2025-07-13T11:15:15.669795+00:00", "vendors": ["thinkst", "thinkst$PRODUCT$canarytokens"]}