LinkedIn – CSV Excel formula injection
voidsec, 2022-01-14T09:22:05+01:00

We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its "CSV Export" function.
Following our Vulnerability Disclosure Policy Agreement, the LinkedIn Security Team has been informed about this specific issue, and this vulnerability will be published without a working PoC.
LinkedIn users can export all their connections into a CSV file which, due to some missing filters (output escaping), could allow an attacker to execute a command on the user's machine.
An attacker can create a...