CVE-2018-1627531.08.2018, 13:29OPSWAT MetaDefender before v4.11.2 allows CSV injection.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.8 HIGHLOCALLOWNONECVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 52%VendorProductVersionopswatmetadefender𝑥< 4.11.2𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-1236 - Improper Neutralization of Formula Elements in a CSV FileThe software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.Referenceshttps://onlinehelp.opswat.com/corev4/10._Release_notes.htmlhttps://onlinehelp.opswat.com/corev4/10._Release_notes.html