PYSEC-2021-866
Vulnerability from pysec - Published: 2021-11-26 20:15 - Updated: 2022-01-05 02:16
Details
This affects all versions of the package html-to-csv. When a formula is embedded in an HTML page, it is accepted without any validation and written unchanged into the CSV file during conversion. Through this, a malicious actor can embed or generate a malicious link or execute commands via CSV files.
Impacted products
| Name | purl |
|---|---|
| html-to-csv | pkg:pypi/html-to-csv |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "html-to-csv",
"purl": "pkg:pypi/html-to-csv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1",
"0.0.2",
"0.0.3.post1",
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.3"
]
}
],
"aliases": [
"CVE-2021-23654",
"SNYK-PYTHON-HTMLTOCSV-1582784",
"GHSA-fwf6-rw69-hhj4"
],
"details": "This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.",
"id": "PYSEC-2021-866",
"modified": "2022-01-05T02:16:24.626882Z",
"published": "2021-11-26T20:15:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784"
},
{
"type": "WEB",
"url": "https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fwf6-rw69-hhj4"
}
]
}