CVE-2025-49597: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in handcraftedinthealps goodby-csv
Description
handcraftedinthealps goodby-csv is a highly memory-efficient, flexible and extendable open-source CSV import/export library. Prior to version 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched in version 1.4.3.
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-06T15:44:21.557Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 684c8450a8c921274380e66b
Added to database: 6/13/2025, 8:04:32 PM
Last updated: 6/13/2025, 8:05:33 PM
Related Threats
- CVE-2025-49587: CWE-357: Insufficient UI Warning of Dangerous Operations in xwiki xwiki-platform (Medium)
- CVE-2025-49586: CWE-863: Incorrect Authorization in xwiki xwiki-platform (High)
- CVE-2025-49585: CWE-357: Insufficient UI Warning of Dangerous Operations in xwiki xwiki-platform (High)
- CVE-2025-49584: CWE-201: Insertion of Sensitive Information Into Sent Data in xwiki xwiki-platform (High)
- CVE-2025-49583: CWE-270: Privilege Context Switching Error in xwiki xwiki-platform (Medium)