Vulnerability Description
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubertidavide | Fastbots | < 0.1.5 |
Related Weaknesses (CWE)
References
- https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef5285Patch
- https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806Issue TrackingPatch
- https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9ExploitVendor Advisory
- https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef5285Patch
- https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806Issue TrackingPatch
- https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9ExploitVendor Advisory
FAQ
What is CVE-2023-48699?
CVE-2023-48699 is a vulnerability with a CVSS score of 8.4 (HIGH). fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with py...
How severe is CVE-2023-48699?
CVE-2023-48699 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-48699?
Check the references section above for vendor advisories and patch information. Affected products include: Ubertidavide Fastbots.