CVE-2023-48699
CVSS V2 None
CVSS V3 None
Description
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.
Overview
- CVE ID
- CVE-2023-48699
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-21T22:25:41.183Z
- Last Modified Date
- 2023-11-21T22:25:41.183Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9 | x_refsource_CONFIRM |
| https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806 | x_refsource_MISC |
| https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-48699 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48699 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 23:30:42 | Added to TrackCVE |