CVE-2020-36941 — AI Deep Analysis Summary

🚨 **Essence**: Knock Subdomain Scan v4.1.1 suffers from **CSV Injection** due to unfiltered server headers.…

🛡️ **Root Cause**: **CWE-1236** (Improper Neutralization of Special Elements used in a Formula).…

🎯 **Affected**: **Knock Subdomain Scan** version **4.1.1**. Developed by **Gianni Amato** (guelfoweb). Specifically targets users running this exact version of the domain scanning tool.

💀 **Attacker Capabilities**: Can execute arbitrary commands via **CSV formula injection** (e.g., `=cmd|' /C calc'!A1`).…

🔓 **Exploitation Threshold**: **LOW**. CVSS Vector: `AV:N/AC:L/PR:N/UI:N`. No authentication required.…

💣 **Public Exploit**: **YES**. ExploitDB ID **49342** exists. VulnCheck advisory confirms the vulnerability. Wild exploitation is possible if victims download and open the generated CSV reports.

🔍 **Self-Check**: 1. Check version: `knock --version`. 2. Look for **v4.1.1**. 3. Inspect generated CSV files for unexpected formula prefixes (`=`, `+`, `-`, `@`). 4. Scan for unfiltered header data in output logs.

🩹 **Official Fix**: **YES**. The GitHub repository (guelfoweb/knock) is the source. Users should update to the latest version where header neutralization is implemented. Check the repo for patches post-4.1.1.

🚧 **No Patch Workaround**: 1. **Do NOT open** generated CSV files directly in Excel/Sheets. 2. Use **Notepad** or **VS Code** to view results. 3.…

⚡ **Urgency**: **HIGH**. CVSS Score indicates **Critical** impact (C:H, I:H, A:H). Immediate action required: Update Knockpy or implement strict CSV sanitization to prevent RCE via malicious CSV reports.