HIGH 8.8
PYSEC-2026-824
CSV Injection in inventree
Details
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-2112 [ADVISORY]
- https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649bece5ff84f [WEB]
- https://github.com/inventree/InvenTree [PACKAGE]
- https://huntr.dev/bounties/e57c36e7-fa39-435f-944a-3a52ee066f73 [WEB]
- https://pypi.org/project/inventree [PACKAGE]
- https://github.com/advisories/GHSA-9hx5-jmxv-x44q [ADVISORY]