CNNVD-202508-1373 Information

CNNVD ID

CNNVD-202508-1373

CVE-2025-52386

  • CNNVD Published: 2025-08-13

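Description (translated from Chinese)

CycloneDX Sunshine is an open-source visualization tool from CycloneDX. CycloneDX Sunshine v0.9 contains a security vulnerability that stems from formulas not being validated when JSON files are processed, which may lead to CSV injection attacks.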

Description (English)

CycloneDX Sunshine is an open-source visualization tool from the CycloneDX project. Version 0.9 of CycloneDX Sunshine has a security vulnerability: it does not validate formulas when processing JSON files, which could lead to a CSV injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

CycloneDX

Published

2025-08-13

Last Modified

2026-02-24

References

  • https://github.com/VishalSreenivas/Formula-Injection-in-CycloneDX-Sunshine/blob/main/payload.json
  • https://github.com/VishalSreenivas/Formula-Injection-in-CycloneDX-Sunshine/blob/main/CVE-2025-52386.md
  • https://github.com/CycloneDX/Sunshine
  • https://access.redhat.com/security/cve/cve-2025-52386
