Lucene search
GoogleOSV:PYSEC-2021-866HistoryNov 26, 2021 - 8:15 p.m.
PYSEC-2021-866
2021-11-2620:15:00
Google
osv.dev
10
0.003 Low
EPSS
Percentile
71.9%
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| html-to-csv | eq | 0.1.0 | |
| html-to-csv | eq | 0.1.2 | |
| html-to-csv | eq | 0.0.3.post1 | |
| html-to-csv | eq | 0.0.1 | |
| html-to-csv | eq | 0.1.3 | |
| html-to-csv | eq | 0.1.1 | |
| html-to-csv | eq | 0.0.2 |
Related
osv
osv
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
2021-11-30 22:22:16
CVE-2021-23654
2021-11-26 20:15:07
cnvd
cnvd
Unspecified vulnerability in html2csv
2021-11-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2021-11-29 04:02:40
cvelist
cvelist
CVE-2021-23654 Improper Input Validation
2021-11-26 00:00:00
github
github
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
2021-11-30 22:22:16
prion
prion
Design/Logic Flaw
2021-11-26 20:15:00
nvd
nvd
CVE-2021-23654
2021-11-26 20:15:07
cve
cve
CVE-2021-23654
2021-11-26 20:15:07