PYSEC-2024-22

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tuitse-tsusin/PYSEC-2024-22.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2024-22

Aliases

Published

2024-01-23T18:15:00Z

Modified

2024-02-01T22:42:07.450939Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.

References

Affected packages

PyPI / tuitse-tsusin

Package

Name: tuitse-tsusin; View open source insights on deps.dev
Purl: pkg:pypi/tuitse-tsusin

Affected ranges

Type: GIT
Repo: https://github.com/i3thuan5/TuiTse-TsuSin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9d21d99d7cfcd7c42aade251fab98ec102e730ea

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2

Affected versions

1.*

1.0.0

1.1.1

1.2.0

1.2.1

1.3.0

1.3.1