Vulnerabilities > CVE-2023-34457 - Unspecified vulnerability in Mechanicalsoup Project Mechanicalsoup

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mechanicalsoup-project

NVD

Published: 2023-07-05

Updated: 2024-11-21

Summary

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Mechanicalsoup_Project Mechanicalsoup Project Mechanicalsoup 0.0.2 Mechanicalsoup Project Mechanicalsoup 0.0.3 Mechanicalsoup Project Mechanicalsoup 0.1.0 Mechanicalsoup Project Mechanicalsoup 0.1.1 Mechanicalsoup Project Mechanicalsoup 0.1.2 Mechanicalsoup Project Mechanicalsoup 0.2.0 Mechanicalsoup Project Mechanicalsoup 0.2.1 Mechanicalsoup Project Mechanicalsoup 0.2.2 Mechanicalsoup Project Mechanicalsoup 0.3.0 Mechanicalsoup Project Mechanicalsoup 0.3.1 Mechanicalsoup Project Mechanicalsoup 0.4.0 Mechanicalsoup Project Mechanicalsoup 0.5.0 Mechanicalsoup Project Mechanicalsoup 0.6.0 Mechanicalsoup Project Mechanicalsoup 0.7.0 Mechanicalsoup Project Mechanicalsoup 0.8.0 Mechanicalsoup Project Mechanicalsoup 0.9.0 Mechanicalsoup Project Mechanicalsoup 1.0.0 Mechanicalsoup Project Mechanicalsoup 1.1.0 Mechanicalsoup Project Mechanicalsoup 1.2.0	23

Summary

Vulnerable Configurations

References