[GHSA-xhvv-3jww-c487] ActiveAdmin CSV Injection leading to sensitive information disclosure #7011
Hi there @deivid-rodriguez! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Hi!
Updates
Comments
I am the researcher who discovered and reported this CSV Injection vulnerability (CVE-2023-51763) in ActiveAdmin. While the vulnerability is documented, the advisory is currently missing researcher credit.
I am requesting to be added to the Credits section. My discovery and the subsequent fix are documented in the official ActiveAdmin repository under PR #8161 (activeadmin/activeadmin#8161).