timeseries-forecast icon indicating copy to clipboard operation
timeseries-forecast copied to clipboard

Published 20 hours ago verified publisher icon Workday

Vulnerability in Library

Open rupeshdabbir opened this issue 3 years ago • 1 comments

Hello,

We came across this Security Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-12134

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.

Wanted to understand if a fix has been made on this one or if it's really a valid issue?

Thank you Rupesh

rupeshdabbir avatar Mar 02 '22 20:03 rupeshdabbir

Tagging @yonseokim @AceForecast @jtschult

We really appreciate all the work that you guys do and I'd appreciate if you can take a look 🙏

rupeshdabbir avatar Mar 04 '22 21:03 rupeshdabbir