Description
This affects all versions of package html-to-csv. When a formula is embedded in an HTML page, it is accepted without any validation and written unchanged into the CSV file during conversion. A malicious actor can use this to embed or generate a malicious link or execute commands via CSV files.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 0.1.3
cpe:2.3:a:html-to-csv_project:html-to-csv:*:*:*:*:*:python:*:*
EPSS
Percentile: 80%
0.01432
Low
5.6 Medium (CVSS3)
9.8 Critical (CVSS3)
7.5 High (CVSS2)
Weaknesses
CWE-1236
Related vulnerabilities
CVSS3: 5.6
github
about 4 years ago
Improper Neutralization of Formula Elements in a CSV File in html-2-csv