CVE-2021-47901

9.8 CRITICAL

📋 TL;DR

Dirsearch 0.4.1 contains a CSV injection vulnerability that allows attackers to inject Excel formulas into generated CSV reports. When attackers control server redirects, they can manipulate the CSV output to potentially execute malicious formulas when opened in spreadsheet applications. This affects anyone using dirsearch with the --csv-report flag against attacker-controlled endpoints.

💻 Affected Systems

Products:
  • Dirsearch
Versions: 0.4.1 and earlier
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using --csv-report flag against attacker-controlled redirects

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could execute arbitrary code on victim machines when CSV files are opened in vulnerable spreadsheet applications, potentially leading to full system compromise.

🟠 Likely Case

Data manipulation in CSV reports, formula execution in Excel/OpenOffice, or social engineering attacks via malicious spreadsheet content.

🟢 If Mitigated

Limited to CSV report manipulation without code execution if proper spreadsheet security settings are enabled.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to control the scanned server's redirects and the victim to open the resulting CSV in a vulnerable spreadsheet application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.4.2 and later

Vendor Advisory: https://github.com/maurosoria/dirsearch

Restart Required: No

Instructions:

1. Update dirsearch to version 0.4.2 or later
2. Run: pip install --upgrade dirsearch
3. Verify version with: dirsearch --version

🔧 Temporary Workarounds

Disable CSV reporting (all platforms)

Avoid using the --csv-report flag when scanning untrusted targets.

Sanitize CSV output (all platforms)

Manually sanitize CSV files before opening them in spreadsheet applications.

🧯 If You Can't Patch

  • Only use dirsearch against trusted, internal targets
  • Open CSV files in plain text editors instead of spreadsheet applications

🔍 How to Verify

Check if Vulnerable:

Check the dirsearch version (note that this string match only catches 0.4.1 itself; earlier versions are also listed as affected): dirsearch --version | grep -q '0.4.1' && echo 'VULNERABLE'

Check Version:

dirsearch --version

Verify Fix Applied:

Verify version is 0.4.2 or later: dirsearch --version

📡 Detection & Monitoring

Log Indicators:

  • CSV files with unusual formula patterns
  • Dirsearch usage with --csv-report flag
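The following Python is an added example, not code from the dirsearch project and not the 0.4.2 fix. It serves both the "Sanitize CSV output" workaround above and the "CSV files with unusual formula patterns" log indicator: a scanner that flags cells a spreadsheet would evaluate as formulas, and a writer that neutralizes such cells before the report is opened. The report layout, column names and cell values are constructed for the demo (dirsearch's real CSV format may differ); the neutralization technique (single-quote prefix plus full quoting) is standard CSV-injection guidance, not the project's own approach.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice treat a cell as a formula.
# Tab and carriage return are included because a cell that starts with them
# can still be evaluated once the leading whitespace is skipped.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed dirsearch-style report (column layout is assumed, not the tool's
# actual format). The "Redirect" column is where an attacker-controlled
# Location header from the scanned server would land.
SAMPLE_REPORT = (
    "URL,Status,Size,Redirect\n"
    "http://target.invalid/admin,301,0,http://target.invalid/admin/\n"
    'http://target.invalid/old,302,0,"=1+1"\n'
    "http://target.invalid/a,302,0,@SUM(1;2)\n"
    "http://target.invalid/b,200,512,\n"
)


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it."""
    return cell.startswith(FORMULA_TRIGGERS)


def scan_csv_text(text: str) -> list[tuple[int, int, str]]:
    """Return (row, column, value) for every formula-like cell in a CSV report.

    Rows and columns are 1-based and the header row counts as row 1, matching
    what a user sees when the file is opened in a spreadsheet.
    """
    hits = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((row_no, col_no, cell))
    return hits


def neutralize_cell(cell: str) -> str:
    """Defang a formula-like cell by prefixing a single quote.

    Spreadsheets treat a leading apostrophe as "display as text"; quoting and
    escaping of embedded double quotes is left to the CSV writer.
    """
    return "'" + cell if is_formula_like(cell) else cell


def write_safe_csv(rows: list[list[str]]) -> str:
    """Serialize rows with every cell quoted and formula-like cells neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def sanitize_csv_text(text: str) -> str:
    """Re-emit an existing report with formula-like cells neutralized."""
    return write_safe_csv(list(csv.reader(io.StringIO(text))))


if __name__ == "__main__":
    # Scan the constructed report, then show the sanitized version.
    for row_no, col_no, value in scan_csv_text(SAMPLE_REPORT):
        print(f"row {row_no} col {col_no}: {value!r}")
    print(sanitize_csv_text(SAMPLE_REPORT))
```

Run the scanner over reports generated with --csv-report before handing them to anyone who will open them in a spreadsheet; a non-empty hit list is the "unusual formula pattern" indicator from the detection section, and the sanitized output is safe to open because every flagged cell now begins with an apostrophe.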

Network Indicators:

  • HTTP redirects to paths containing Excel formula syntax

SIEM Query:

process.name:dirsearch AND cmdline:*--csv-report*
