Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-p33r-uxhp-q3eu
Vulnerability ID VCID-p33r-uxhp-q3eu
Aliases CVE-2021-37702
GHSA-pp2h-95hm-hv9r
Summary Improper Neutralization of Formula Elements in a CSV File Pimcore is an open source data & experience management platform., Data Object CSV import allows formular injection. The problem is patched Aside from upgrading, one may apply the patch manually as a workaround.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
System Score Found at
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2021-37702
generic_textual MODERATE https://github.com/pimcore/pimcore
generic_textual MODERATE https://github.com/pimcore/pimcore/pull/9992
generic_textual MODERATE https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-37702
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-37702
https://github.com/pimcore/pimcore
https://github.com/pimcore/pimcore/pull/9992
https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r
CVE-2021-37702 https://nvd.nist.gov/vuln/detail/CVE-2021-37702
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.10967
EPSS Score 0.00036
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:39:38.502284+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2021-37702.yml 38.6.0