{"url":"http://public2.vulnerablecode.io/api/packages/59684?format=json","purl":"pkg:pypi/html-2-csv@0.1.3","type":"pypi","namespace":"","name":"html-2-csv","version":"0.1.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35919?format=json","vulnerability_id":"VCID-kue6-9exx-3fex","summary":"This affects all versions of package html-to-csv. When a formula is embedded in an HTML page, it is accepted without any validation and written unchanged into the CSV file produced by the conversion (CSV formula injection). A malicious actor can use this to embed or generate a malicious link, or to execute commands, via the resulting CSV files.","references":[{"reference_url":"https://github.com/advisories/GHSA-fwf6-rw69-hhj4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fwf6-rw69-hhj4"},{"reference_url":"https://github.com/hanwentao/html2csv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hanwentao/html2csv"},{"reference_url":"https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py"},{"reference_url":"https://github.com/hanwentao/html2csv/issues/9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hanwentao/html2csv/issues/9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/html-to-csv/PYSEC-2021-866.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/html-to-csv/PYSEC-2021-866.yaml"},{"reference_url":"https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784","reference_id":"","reference_type":"","scores":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23654","reference_id":"CVE-2021-23654","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23654"}],"fixed_packages":[],"aliases":["CVE-2021-23654","GHSA-fwf6-rw69-hhj4","PYSEC-2021-866","SNYK-PYTHON-HTMLTOCSV-1582784"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kue6-9exx-3fex"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/html-2-csv@0.1.3"}