Moderate severityNVD Advisory· Published Jan 23, 2024· Updated Sep 11, 2024
TuiTse-TsuSin html injection vulnerability in `tuitse_html` function
CVE-2024-23341
Description
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
TuiTse-TsuSinPyPI | < 1.3.2 | 1.3.2 |
Affected products
2- i3thuan5/TuiTse-TsuSinv5Range: < 1.3.2
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-m4m5-j36m-8x72ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-23341ghsaADVISORY
- github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730eaghsax_refsource_MISCWEB
- github.com/i3thuan5/TuiTse-TsuSin/pull/22ghsax_refsource_MISCWEB
- github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72ghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/tuitse-tsusin/PYSEC-2024-22.yamlghsaWEB
News mentions
0No linked articles in our index yet.