
Insights · 6 min read

CSV injection and formula hijacking: what viewers should avoid executing

Cells beginning with =, +, -, or @ can trigger spreadsheet formulas: awareness for security teams and CSV tooling.

Published on March 21, 2025 · Table

When a CSV file is opened in Excel or Sheets, a cell like =cmd|... can be interpreted as a formula. Pure viewers that do not execute formulas reduce that class of risk compared to full spreadsheet apps.

Defenses

  • Strip or prefix risky leading characters in untrusted feeds.
  • Open unknown files in a sandboxed viewer first.
  • Train finance users on "enable content" prompts.
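
One way to apply the first defense to an untrusted feed before it reaches a spreadsheet, as an added example that is not code from the original article. It prefixes risky cells with a single quote so they are read as text, leaves plain signed numbers such as -42 untouched, and reports which cells it changed. The function names, the quote prefix, the leading-whitespace check and the sample data are assumptions made for illustration.

```python
import csv
import io
import re

RISKY_LEAD = ("=", "+", "-", "@")  # the leading characters named in the article
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")  # e.g. -42 or +3.5 stay numeric


def neutralize_cell(value: str) -> str:
    """Return value unchanged if safe, else prefixed so it is read as text."""
    stripped = value.lstrip()  # assumption: treat leading whitespace as ignorable
    if not stripped.startswith(RISKY_LEAD):
        return value
    if PLAIN_NUMBER.fullmatch(stripped):
        return value  # a signed number is data, not a formula
    return "'" + value


def sanitize_csv(text: str) -> tuple[str, list[tuple[int, int]]]:
    """Rewrite an untrusted CSV; also return (row, col) of every changed cell."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    changed = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        clean = []
        for c, cell in enumerate(row):
            fixed = neutralize_cell(cell)
            if fixed != cell:
                changed.append((r, c))
            clean.append(fixed)
        writer.writerow(clean)
    return out.getvalue(), changed


# Constructed sample feed (not from the article): harmless formulas only.
SAMPLE = (
    "name,amount,note\n"
    "alice,-42,refund\n"
    "bob,+3.5,\"=SUM(A1:A9)\"\n"
    "carol,10,@mention\n"
    "dave,7,\" -1+1\"\n"
)

if __name__ == "__main__":
    cleaned, changed = sanitize_csv(SAMPLE)
    print(cleaned)
    print("neutralized cells:", changed)
```

The list of changed cells is worth logging: a feed that suddenly contains many neutralized cells is a signal to review its source.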
