CVE-2015-5349: Apache Directory Studio command injection vulnerability Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache LDAP Studio 0.6.0 to 0.8.1 - Apache Directory Studio 1.0.0 to 2.0.0-M9 Description: The CSV export didn’t escape the fields properly. Malicious users can put specially crafted values into the LDAP server. When a user exports that data into CSV formatted file, and subsequently opens it with a spreadsheet application, the data is interpreted as a formula and executed. Mitigation: Users should upgrade to Apache Directory Studio 2.0.0-M10 Credit: This issue was discovered by Muhammad Shahmeer Amir.
