CVE-2024-23341 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-23341

CVE-2024-23341

January 23, 2024

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.

Related Resources (6)

https://github.com/i3thuan5/TuiTse-TsuSin/pull/22

https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea

https://github.com/i3thuan5/TuiTse-TsuSin

https://github.com/pypa/advisory-database/tree/main/vulns/tuitse-tsusin/PYSEC-2024-22.yaml

https://nvd.nist.gov/vuln/detail/CVE-2024-23341

https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

EPSS

Base Score:

0.50

Products

Solutions

Resources

Company

Compare

Developer Tools