CVE-2019-14352
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-14352
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14352.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-14352
- Published
- 2019-07-28T17:15:10.940Z
- Modified
- 2025-11-14T09:12:50.357660Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crmcommunity/crmuserviewsales//account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export format for spreadsheet applications
- Database specific
{ "isDisputed": true }- References
Affected packages
Git / github.com/jogetworkflow/jw-community
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jogetworkflow/jw-community
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
5.*
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.2
5.0.20
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
6.*
6.0-BETA1
6.0-BETA2
6.0-BETA3
6.0-BETA4
6.0-RC
6.0-RC2
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.18
6.0.19
6.0.2
6.0.20
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9