This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
References
Link | Resource |
---|---|
https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py | Exploit Third Party Advisory |
https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-11-26T00:00:00
Updated: 2021-11-26T20:05:11
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23654
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-26T20:15:07.393
Modified: 2021-12-20T15:05:34.507
Link: CVE-2021-23654
JSON object: View
Redhat Information
No data.
CWE