VDB
KO
HIGH 8.8

PYSEC-2026-824

CSV Injection in inventree

Details

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / inventree
Introduced in: 0 Fixed in: 0.7.2
Fix pip install --upgrade 'inventree>=0.7.2'

References