High severityNVD Advisory· Published Nov 21, 2023· Updated Aug 2, 2024
fastbots Eval Injection vulnerability
CVE-2023-48699
Description
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def __locator__(self, locator_name: str) in page.py. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fastbotsPyPI | < 0.1.5 | 0.1.5 |
Affected products
2- ubertidavide/fastbotsv5Range: < 0.1.5
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-vccg-f4gp-45x9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-48699ghsaADVISORY
- github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57ghsax_refsource_MISCWEB
- github.com/ubertidavide/fastbots/pull/3ghsax_refsource_MISCWEB
- github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.