The CSV export in Apache LDAP Studio and Apache Directory Studio prior to 2.0.0-M10 does not properly escape field values, which might allow malicious users to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ldap studio 0.6.0 |
||
apache ldap studio 0.7.0 |
||
apache ldap studio 0.8.0 |
||
apache ldap studio 0.8.1 |
||
apache directory studio 1.0.0 |
||
apache directory studio 1.0.1 |
||
apache directory studio 1.1.0 |
||
apache directory studio 1.2.0 |
||
apache directory studio 1.3.0 |
||
apache directory studio 1.4.0 |
||
apache directory studio 1.5.0 |
||
apache directory studio 1.5.1 |
||
apache directory studio 1.5.2 |
||
apache directory studio 1.5.3 |
||
apache directory studio 2.0.0 |