VYPR
Moderate severityNVD Advisory· Published Nov 26, 2021· Updated Sep 16, 2024

Improper Input Validation

CVE-2021-23654

Description

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
html-to-csvPyPI
<= 0.1.3

Affected products

1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.