[MEDIUM] SilverStripe CSV Excel Macro Injection

PKSA-4npp-z2k1-kdtx CVE-2017-18049 GHSA-2jvj-mhf2-g99w

Affected package: silverstripe/framework

Affected version: >=4.0.0,<4.0.1|>=3.6.0,<3.6.3|<3.5.6

Reported by:
GitHub