Arbitrary Code Execution Vulnerability in HTACG HTML Tidy Product
CVE-2021-33391

9.8CRITICAL

Key Information:

Vendor: Htacg
Status: Tidy
Vendor: CVE Published:; 17 February 2023

What is CVE-2021-33391?

A significant vulnerability in HTACG's HTML Tidy version 5.7.28 permits an attacker to execute arbitrary code by leveraging the -g option within the CleanNode() function found in gdoc.c. This flaw poses severe risks to users, as it can lead to unauthorized access and control over affected systems. It is crucial for users of this software to apply the latest updates and follow security best practices to mitigate potential threats.

References

https://github.com/htacg/tidy-html5/issues/946

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
May 20, 2021

JSON

Htacg

What is CVE-2021-33391?

References

CVSS V3.1

Timeline