What is GHSA-hwpv-w8h7-v7qm?

GHSA-hwpv-w8h7-v7qm is a security advisory published by GitHub Security Advisories with Medium severity. Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not...

Which CVE IDs does GHSA-hwpv-w8h7-v7qm cover?

GHSA-hwpv-w8h7-v7qm covers the following CVE IDs: CVE-2026-9101. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-hwpv-w8h7-v7qm?

GHSA-hwpv-w8h7-v7qm has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-hwpv-w8h7-v7qmMediumCVSS 4.3

Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-9101 →

📋 Description

Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9101
https://jira.mongodb.org/browse/COMPASS-10657
https://github.com/advisories/GHSA-hwpv-w8h7-v7qm