CVE-2024-23341

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea	Patch
https://github.com/i3thuan5/TuiTse-TsuSin/pull/22	Issue Tracking Patch
https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ithuan:tuitse-tsusin:*:*:*:*:*:*:*:*

History

23 Jan 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-23 18:15

Updated : 2024-02-01 20:15

NVD link : CVE-2024-23341

Mitre link : CVE-2024-23341

CVE.ORG link : CVE-2024-23341

JSON object : View

Products Affected

ithuan

tuitse-tsusin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-23341", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-01-23T18:15:19.250", "references": [{"url": "https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/i3thuan5/TuiTse-TsuSin/pull/22", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation."}, {"lang": "es", "value": "TuiTse-TsuSin es un paquete para organizar el corpus comparativo de caracteres chinos taiwaneses y caracteres romanos, y extraer oraciones de los caracteres chinos taiwaneses y caracteres romanos. Antes de la versi\u00f3n 1.3.2, cuando se usaba `tuitse_html` sin citar la entrada, exist\u00eda una vulnerabilidad de inyecci\u00f3n de html. La versi\u00f3n 1.3.2 contiene un parche para el problema. Como workaround, desinfecte la entrada de Taigi con citas HTML."}], "lastModified": "2024-02-01T20:15:31.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ithuan:tuitse-tsusin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64FB9E1-AA6C-4B7F-A102-B41C9B2D84A4", "versionEndExcluding": "1.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}