CVE-2024-23341

TuiTse-TsuSin html injection vulnerability in `tuitse_html` function

Description

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.

Category

6.1
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.36%
Vendor Advisory github.com
Affected: i3thuan5 TuiTse-TsuSin
Published at:
Updated at:

References

Link Tags
https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72 vendor advisory
https://github.com/i3thuan5/TuiTse-TsuSin/pull/22 patch issue tracking
https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea patch

Frequently Asked Questions

What is the severity of CVE-2024-23341?
CVE-2024-23341 has been scored as a medium severity vulnerability.
How to fix CVE-2024-23341?
To fix CVE-2024-23341, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-23341 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-23341 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-23341?
CVE-2024-23341 affects i3thuan5 TuiTse-TsuSin.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.