PT-2021-15542 · Unknown · Html-To-Csv

0Xbughunter · Published 2021-11-26 · Updated 2021-12-20 · CVE-2021-23654

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: html-to-csv, all versions
Description: The issue arises when a formula embedded in an HTML page is accepted without validation and written into a CSV file during conversion. This enables a malicious actor to embed or generate malicious links or execute commands via CSV files.
Recommendations: For all versions, consider disabling the conversion of HTML pages with embedded formulas to CSV files until a proper validation mechanism is in place to prevent malicious links or command execution. Restrict access to the CSV file generation feature to minimize the risk of exploitation. Avoid using the html-to-csv package for converting HTML pages with embedded formulas until the issue is resolved.
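The following is an added example, not code from the html-to-csv package or from the advisory: a small HTML-table-to-CSV converter that applies the kind of validation the recommendations call for. It neutralizes any cell that a spreadsheet application would evaluate as a formula (a leading `=`, `+`, `-`, `@`, tab or carriage return) by prefixing a single quote, while leaving plain signed numbers untouched. The table extractor, the `SAMPLE_HTML` input and the function names are assumptions made for this example.

```python
"""
Added example: convert an HTML table to CSV while neutralizing cells that a
spreadsheet would evaluate as a formula (CSV / formula injection).
Not the html-to-csv package's own code.
"""
import csv
import io
from html.parser import HTMLParser

# Leading characters that common spreadsheet applications treat as the start
# of a formula; tab and carriage return are included because they can
# precede a trigger character after parsing.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True when the cell text would be interpreted as a formula, not data."""
    if not cell.startswith(FORMULA_TRIGGERS):
        return False
    if cell[0] in "+-":
        # A plain signed number such as "-5" or "+1e3" is data, not a formula.
        try:
            float(cell)
            return False
        except ValueError:
            pass
    return True


def neutralize(cell: str) -> str:
    """Prefix formula-looking cells with a single quote so spreadsheets keep
    them as literal text; all other cells are returned unchanged."""
    return "'" + cell if is_formula_like(cell) else cell


class TableParser(HTMLParser):
    """Minimal HTML table extractor (assumption for this example): collects
    the text of <td>/<th> elements inside each <tr> into a list of rows."""

    def __init__(self) -> None:
        super().__init__()
        self.rows: list[list[str]] = []
        self._row: list[str] | None = None
        self._cell: list[str] | None = None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None


def html_table_to_csv(html: str, sanitize: bool = True) -> str:
    """Render the first-level table rows of `html` as CSV text.
    With sanitize=False the cells are copied verbatim (the vulnerable
    behaviour); with sanitize=True formula-looking cells are neutralized."""
    parser = TableParser()
    parser.feed(html)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in parser.rows:
        writer.writerow([neutralize(c) if sanitize else c for c in row])
    return out.getvalue()


# Constructed sample input: one cell starts with "=" and one text cell starts
# with "-", so both would be evaluated if copied into the CSV verbatim.
SAMPLE_HTML = """
<table>
  <tr><th>item</th><th>qty</th></tr>
  <tr><td>widget</td><td>=SUM(1,2)</td></tr>
  <tr><td>-gadget</td><td>-5</td></tr>
</table>
"""

if __name__ == "__main__":
    print("unsanitized:\n" + html_table_to_csv(SAMPLE_HTML, sanitize=False))
    print("sanitized:\n" + html_table_to_csv(SAMPLE_HTML))
```

The quote-prefix approach is the widely used mitigation for this weakness class; it changes the cell's displayed text slightly, so an alternative for strict data fidelity is to reject formula-looking cells outright and report the offending row. Note that `csv.writer` still quotes the `=SUM(1,2)` cell because it contains a comma; the single quote inside the quoted field is what stops evaluation.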

Tags: Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2021-23654
GHSA-FWF6-RW69-HHJ4
PYSEC-2021-866
SNYK-PYTHON-HTMLTOCSV-1582784

Affected Products

Html-To-Csv