Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
PYSEC-2021-866
Vulnerability from pysec - Published: 2021-11-26 20:15 - Updated: 2022-01-05 02:16
VLAI
Details
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
Impacted products
| Name | purl | html-to-csv | pkg:pypi/html-to-csv |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "html-to-csv",
"purl": "pkg:pypi/html-to-csv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1",
"0.0.2",
"0.0.3.post1",
"0.1.0",
"0.1.1",
"0.1.2",
"0.1.3"
]
}
],
"aliases": [
"CVE-2021-23654",
"SNYK-PYTHON-HTMLTOCSV-1582784",
"GHSA-fwf6-rw69-hhj4"
],
"details": "This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.",
"id": "PYSEC-2021-866",
"modified": "2022-01-05T02:16:24.626882Z",
"published": "2021-11-26T20:15:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784"
},
{
"type": "WEB",
"url": "https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fwf6-rw69-hhj4"
}
]
}