Impact
Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized, to neutralize potential formula injection
Patches
- The issue is addressed in the upcoming 0.8.0 release
- This fix will also be back-ported to the 0.7.x branch, applied to the 0.7.2 release
Workarounds
Users exporting untrusted data should open the files in safe mode (e.g. in Microsoft Excel).
References
For more information
If you have any questions or comments about this advisory:
saharshtapi Analyst
Impact
Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized, to neutralize potential formula injection
Patches
Workarounds
Users exporting untrusted data should open the files in safe mode (e.g. in Microsoft Excel).
References
For more information
If you have any questions or comments about this advisory: