CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-23654 – Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-23654
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. Esto afecta a todas las versiones del paquete html-to-csv. Cuando se presenta una fórmula insertada en una página HTML, se acepta sin ninguna comprobación y la misma se empuja mientras es convertida en un archivo CSV. • https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •