CVE-2023-34457
CVSS V2 None
CVSS V3 None
Description
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an `<input type="file" ...>` inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.
Overview
- CVE ID: CVE-2023-34457
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2023-07-05T19:25:35.966Z
- Last Modified Date: 2023-07-05T19:25:35.966Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4 | x_refsource_CONFIRM |
https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e | x_refsource_MISC |
https://github.com/MechanicalSoup/MechanicalSoup/releases/tag/v1.3.0 | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20230803-0005/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-34457 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34457 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 20:55:55 | | | | Added to TrackCVE |