{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T17:58:28.342","vulnerabilities":[{"cve":{"id":"CVE-2024-28111","sourceIdentifier":"security-advisories@github.com","published":"2024-03-06T22:15:57.780","lastModified":"2025-12-05T16:25:22.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue."},{"lang":"es","value":"Canarytokens ayuda a rastrear la actividad y las acciones en una red. Canarytokens.org admite la exportación del historial de incidentes de un Canarytoken en formato CSV. La generación de estos archivos CSV es vulnerable a una vulnerabilidad de inyección CSV. Esta falla puede ser utilizada por un atacante que descubre un Canarytoken basado en HTTP para atacar al propietario del Canarytoken, si el propietario exporta el historial de incidentes a CSV y lo abre en una aplicación de lectura como Microsoft Excel. El impacto es que este problema podría provocar la ejecución de código en la máquina en la que se abre el archivo CSV. La versión sha-c595a1f8 contiene una solución para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thinkst:canarytokens:*:*:*:*:*:*:*:*","versionEndExcluding":"sha-c595a1f8","matchCriteriaId":"81A98986-2BA6-4270-9F0C-C6D99E059E2D"}]}]}],"references":[{"url":"https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}