Lucene search
+L

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-34457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can re...

7.5CVSS7AI score0.01082EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2023/07/05 9:35 p.m.9 views

playlist-kreator (>=0.0.1 <=0.0.2), rogersbank (>=0.1.0 <=1.1.0) +1 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.6.0 <=0.9.0.post4)

mechanicalsoup PYPI version =0.6.0, =0.0.1, =0.1.0, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:GHSA-X456-3CCM-M6J4...

7.5CVSS7.1AI score0.01082EPSS
Exploits1
Cvelist
Cvelist
added 2023/07/05 7:25 p.m.37 views

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

5.9CVSS7.6AI score0.01082EPSS
Exploits1References4
CVE
CVE
added 2023/07/05 7:25 p.m.54 views

CVE-2023-34457

The CVE-2023-34457 affects MechanicalSoup prior to 1.3.0, where a malicious server could cause the client to upload local files via an HTML input type="file" in forms. Root cause: form submission logic uses the tag value to read a file path and attach it to the request, enabling unintended disclo...

7.5CVSS6.4AI score0.01082EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/07/05 7:25 p.m.14 views

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

5.9CVSS7.4AI score0.01082EPSS
Exploits1References6
Rows per page
Query Builder