VYPR
High severityNVD Advisory· Published Nov 21, 2023· Updated Aug 2, 2024

fastbots Eval Injection vulnerability

CVE-2023-48699

Description

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function def __locator__(self, locator_name: str) in page.py. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
fastbotsPyPI
< 0.1.50.1.5

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.