PYSEC-2021-866

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/html-to-csv/PYSEC-2021-866.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-866

Aliases

CVE-2021-23654
GHSA-fwf6-rw69-hhj4
SNYK-PYTHON-HTMLTOCSV-1582784

Published

2021-11-26T20:15:00Z

Modified

2023-11-01T04:54:42.408258Z

Summary

[none]

Details

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.

References

Affected packages

PyPI / html-to-csv

Package

Name: html-to-csv; View open source insights on deps.dev
Purl: pkg:pypi/html-to-csv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.1

0.0.2

0.0.3.post1

0.1.0

0.1.1

0.1.2

0.1.3