Headline
GHSA-m4m5-j36m-8x72: html injection vulnerability in the `tuitse_html` function.
Impact
When tuitse_html is called with unquoted input, the input is interpolated into the HTML fragment with string.format(), so any HTML or script carried in the input is emitted verbatim (HTML injection). The fragment should instead be built with Django's django.utils.html.format_html, which escapes each substituted argument, rather than with string.format().
Patches
Upgrade to version 1.3.2.
Workarounds
Escape (HTML-quote) Taigi input before passing it to tuitse_html.
References
https://github.com/i3thuan5/TuiTse-TsuSin/pull/22
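The bug class the advisory describes, shown as an added illustration that is not TuiTse-TsuSin's own code: a fragment built with str.format() on unescaped input, beside the hardened form, the call-site workaround, and a check that tells the two apart. The function names render_vulnerable, render_hardened, render_with_workaround and contains_injected_markup, the ruby/rt template and the sample inputs are all constructed for this example; the real tuitse_html signature is not shown on the page. The stdlib html.escape stands in for Django so the example runs offline; django.utils.html.format_html(TEMPLATE, hanji=..., lomaji=...) performs the same per-argument escaping and additionally marks the result safe for Django templates.

```python
from html import escape

# Constructed sample input (not taken from the project): a hanji/lomaji pair,
# where the romanisation field carries an injected tag.
BENIGN_HANJI = "台語"
BENIGN_LOMAJI = "Tâi-gí"
MALICIOUS_LOMAJI = 'Tâi-gí<img src=x onerror="alert(1)">'

# Hypothetical HTML template standing in for whatever tuitse_html emits.
TEMPLATE = "<ruby>{hanji}<rt>{lomaji}</rt></ruby>"


def render_vulnerable(hanji: str, lomaji: str) -> str:
    """Pre-1.3.2 pattern: str.format() drops the input into the markup verbatim."""
    return TEMPLATE.format(hanji=hanji, lomaji=lomaji)


def render_hardened(hanji: str, lomaji: str) -> str:
    """Fixed pattern: every substituted value is HTML-escaped before insertion.

    This is what django.utils.html.format_html does for each argument;
    html.escape(..., quote=True) also escapes both quote characters, which
    matters when a value lands inside an attribute.
    """
    return TEMPLATE.format(
        hanji=escape(hanji, quote=True),
        lomaji=escape(lomaji, quote=True),
    )


def render_with_workaround(hanji: str, lomaji: str) -> str:
    """Advisory workaround for < 1.3.2: escape the input at the call site
    before handing it to the unpatched function."""
    return render_vulnerable(escape(hanji, quote=True), escape(lomaji, quote=True))


def contains_injected_markup(rendered: str) -> bool:
    """Check: after removing the template's own tags, is any tag syntax left?

    Escaped output contains only &lt; / &gt; entities, so nothing remains;
    injected markup leaves a literal '<' or '>' behind.
    """
    stripped = rendered
    for tag in ("<ruby>", "</ruby>", "<rt>", "</rt>"):
        stripped = stripped.replace(tag, "")
    return "<" in stripped or ">" in stripped


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable),
                     ("hardened", render_hardened),
                     ("workaround", render_with_workaround)):
        out = fn(BENIGN_HANJI, MALICIOUS_LOMAJI)
        print(f"{name:11s} injected={contains_injected_markup(out)!s:5s} {out}")
```

The workaround and the fix must not be combined: once 1.3.2 escapes inside the function, call-site escaping turns `<` into `&amp;lt;` and the romanisation renders as literal entity text, so drop the pre-escaping when upgrading.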
CVE-2024-23341
Severity: Moderate (GitHub Reviewed). Published Jan 22, 2024 in i3thuan5/TuiTse-TsuSin; updated Jan 22, 2024.
Package
TuiTse-TsuSin (pip)
Affected versions
< 1.3.2
References
- GHSA-m4m5-j36m-8x72
- i3thuan5/TuiTse-TsuSin#22
Published to the GitHub Advisory Database
Jan 22, 2024
Last updated
Jan 22, 2024