TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.
References
Link | Resource |
---|---|
https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea | Patch |
https://github.com/i3thuan5/TuiTse-TsuSin/pull/22 | Issue Tracking Patch |
https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72 | Vendor Advisory |
Configurations
History
23 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 18:15
Updated : 2024-02-01 20:15
NVD link : CVE-2024-23341
Mitre link : CVE-2024-23341
CVE.ORG link : CVE-2024-23341
JSON object : View
Products Affected
ithuan
- tuitse-tsusin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')