5 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-34457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can re...
playlist-kreator (>=0.0.1 <=0.0.2), rogersbank (>=0.1.0 <=1.1.0) +1 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.6.0 <=0.9.0.post4)
mechanicalsoup PYPI version =0.6.0, =0.0.1, =0.1.0, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:GHSA-X456-3CCM-M6J4...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-34457
The CVE-2023-34457 affects MechanicalSoup prior to 1.3.0, where a malicious server could cause the client to upload local files via an HTML input type="file" in forms. Root cause: form submission logic uses the tag value to read a file path and attach it to the request, enabling unintended disclo...
CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...