DEBIAN-CVE-2023-34457

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-34457
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-34457.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-34457
Upstream
Published
2023-07-05T20:15:10Z
Modified
2025-09-19T06:08:15Z
Summary
[none]
Details

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file" ...> inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.

References

Affected packages

Debian:13 / python-mechanicalsoup

Package

Name
python-mechanicalsoup
Purl
pkg:deb/debian/python-mechanicalsoup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / python-mechanicalsoup

Package

Name
python-mechanicalsoup
Purl
pkg:deb/debian/python-mechanicalsoup?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}