Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fastbots Eval Injection vulnerability
Vulnerability Description
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
fastbots 安全漏洞
Vulnerability Description
fastbots是一个使用 selenium 和 POM(页面对象模型)设计进行快速机器人和爬虫开发的简单库。 fastbots 0.1.5之前版本存在安全漏洞,该漏洞源于 page.py 中的def locator(self, locator_name: str) 函数中存在指令的不正确中和,攻击者利用该漏洞可以使用 python 代码修改 locators.ini 定位器文件,未经适当验证就会执行该文件,导致RCE。
CVSS Information
N/A
Vulnerability Type
N/A