MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-05T19:25:35.966Z
Updated: 2023-07-05T19:25:35.966Z
Reserved: 2023-06-06T16:16:53.559Z
Link: CVE-2023-34457
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-05T20:15:10.343
Modified: 2023-08-03T15:15:24.573
Link: CVE-2023-34457
JSON object: View
Redhat Information
No data.
CWE