Security Advisory

CVE-2023-34457

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-05 19:25:35

Last updated 2025-02-13 16:55:35

Assigner GitHub_M

State PUBLISHED

Description

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoups form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.

← Browse all CVEs View on cve.org ↗