Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation
Vulnerability Description
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Html2Csv 代码注入漏洞
Vulnerability Description
Html2Csv是中国韩文涛(Wentao Han)个人开发者的一个开源的实用程序。用于从 Html 文档中提取表格并将其转换为 Csv 格式。 html2csv存在安全漏洞,该漏洞源于当在HTML页面中嵌入一个公式时,公式将在没有任何验证的情况下被接受,并在将其转换为CSV文件时被推送。通过这种方式,恶意参与者可以嵌入或生成恶意链接或通过CSV文件执行命令。
CVSS Information
N/A
Vulnerability Type
N/A