22 matches found
EUVD-2023-0143
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2024-45b02f63e4)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2023-34457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can re...
Fedora 41 : python-mechanicalsoup (2024-45b02f63e4)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-45b02f63e4 advisory. Automatic update for python-mechanicalsoup-1.3.0-1.fc41. Changelog Sun Apr 7 2024 Fabian Affolter - 1.3.0-1 - Update to latest upstream version 1.3.0 closes...
OPENSUSE-SU-2024:13499-1 python310-MechanicalSoup-1.3.0-1.1 on GA media
These are all security issues fixed in the python310-MechanicalSoup-1.3.0-1.1 package on the GA media of openSUSE Tumbleweed...
Arbitrary File Read
MechanicalSoup is vulnerable to Arbitrary File Read. The vulnerability is due to improper file path sanitization which allows an attacker to read arbitrary files on the web server using the <input type="file"> tag inside an HTML form...
SUSE CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
Summary: A malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. Details: This affects the extremely common pattern of form submission: b = mechanicalsoup.StatefulBrowser(); b.select_form(...); b.submit_selected(). The problem is with the code in...
playlist-kreator (>=0.0.1 <=0.0.2), rogersbank (>=0.1.0 <=1.1.0) +1 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.6.0 <=0.9.0.post4)
mechanicalsoup PYPI version =0.6.0, =0.0.1, =0.1.0, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:GHSA-X456-3CCM-M6J4...
GHSA-X456-3CCM-M6J4 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
Summary: A malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. Details: This affects the extremely common pattern of form submission: b = mechanicalsoup.StatefulBrowser(); b.select_form(...); b.submit_selected(). The problem is with the code in...
DEBIAN-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
aib2ofx (>=0.70.0a1 <=0.71.1), cooar-cli (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.10.0 <=0.9.0.post4)
mechanicalsoup PYPI version =0.10.0, =0.70.0a1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.3, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:PYSEC-2023-108...
PYSEC-2023-108
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
UBUNTU-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
PYSEC-2023-108
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457
CVE-2023-34457 affects MechanicalSoup prior to 1.3.0, where a malicious server could cause the client to upload local files via an HTML <input type="file"> in forms. Root cause: form submission logic uses the <input> tag value to read a file path and attach it to the request, enabling unintended disclo...
CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...