scramjetorg / scramjet

Public tracker for Scramjet Cloud Platform, a platform that brings data from many environments together.
https://www.scramjet.org
MIT License
253 stars 20 forks

Investigate possible vuln in papaparse #81

Closed MichalCz closed 4 years ago

MichalCz commented 4 years ago

Basics:

According to the report here mholt/PapaParse#793 there's a chance that someone could export a formula in the produced CSV and use it as an attack on spreadsheets...

This sounds a bit crazy as:

Anyway, Snyk seems to have marked this as a high level, so let's leave it hanging and revisit.

Let's watch this for now and see how the situation develops.
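The concern in the comment above is commonly called CSV (formula) injection: a cell whose text starts with a formula character is evaluated when the exported file is opened in a spreadsheet. The following is an added example, not part of the thread and not code from scramjet or PapaParse, showing one way to neutralise such cells before writing CSV; the function names and sample rows are constructed for illustration.

```javascript
// Added example: neutralise spreadsheet formulas when serialising rows to CSV.
// Names and sample data are hypothetical, not taken from scramjet or PapaParse.

// Leading characters that make a spreadsheet treat a cell as a formula.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

// Return the cell as text that a spreadsheet will display, not evaluate.
function neutraliseCell(value) {
  if (value === null || value === undefined) return "";
  // Numbers and booleans produced by our own code are not free-form text.
  if (typeof value === "number" || typeof value === "boolean") return String(value);
  const text = String(value);
  // An apostrophe prefix makes the spreadsheet treat the cell as a literal.
  return FORMULA_TRIGGERS.has(text.charAt(0)) ? "'" + text : text;
}

// Quote per RFC 4180 when the field contains a delimiter, quote or newline.
function quoteField(text, delimiter) {
  const needsQuotes = text.includes(delimiter) || /["\r\n]/.test(text);
  return needsQuotes ? '"' + text.replace(/"/g, '""') + '"' : text;
}

// Serialise an array of row arrays; every cell is neutralised, then quoted.
function toSafeCsv(rows, delimiter = ",") {
  return rows
    .map((row) => row.map((cell) => quoteField(neutraliseCell(cell), delimiter)).join(delimiter))
    .join("\r\n");
}

// Constructed sample: rows two and three carry formula-like user input.
const sampleRows = [
  ["name", "balance", "note"],
  ["alice", -12.5, "=SUM(A1:A9)"],
  ["@bob", 3, 'said "hi", +1'],
];

console.log(toSafeCsv(sampleRows));
```

Typed numbers pass through unchanged, while the string "-12.5" is prefixed, so numeric columns should be kept as numbers until export. PapaParse's `unparse` has an `escapeFormulae` option that applies the same kind of prefixing.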

MichalCz commented 4 years ago

Ok, that seems to be nothing...