漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
fastbots Eval Injection vulnerability
Vulnerability Description
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
fastbots 安全漏洞
Vulnerability Description
fastbots是一个使用 selenium 和 POM(页面对象模型)设计进行快速机器人和爬虫开发的简单库。 fastbots 0.1.5之前版本存在安全漏洞,该漏洞源于 page.py 中的def locator(self, locator_name: str) 函数中存在指令的不正确中和,攻击者利用该漏洞可以使用 python 代码修改 locators.ini 定位器文件,未经适当验证就会执行该文件,导致RCE。
CVSS Information
N/A
Vulnerability Type
N/A