CVE-2023-48699

Severity: Critical
Year: 2023
CVSS v3 Score: 9.8 (Critical)

Vulnerability Description

fastbots is a library for fast bot and scraper development using Selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the `locators.ini` locator file to include Python code, which is executed without proper validation and could lead to remote code execution (RCE). The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. To mitigate this issue, upgrade to fastbots version 0.1.5 or above.
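The bug class described above, next to a parser that never executes file content. This is an added example, not fastbots' code or the fix shipped in 0.1.5; the `(By.<STRATEGY>, "<value>")` entry format, the sample file and the function names are assumptions made for illustration.

```python
import ast
import configparser

# Constructed sample locators.ini; the '(By.X, "value")' entry format is an assumption.
SAMPLE_INI = """
[search_page]
search_box = (By.ID, "search")
tampered = __import__("os").getenv("HOME")
"""

# Selenium's By strategy names mapped to their string values.
BY = {
    "ID": "id", "NAME": "name", "XPATH": "xpath", "CSS_SELECTOR": "css selector",
    "CLASS_NAME": "class name", "TAG_NAME": "tag name",
    "LINK_TEXT": "link text", "PARTIAL_LINK_TEXT": "partial link text",
}

def unsafe_locator(raw: str):
    """Bug class from the advisory (illustration only, never called here)."""
    return eval(raw)  # any expression in the file runs with the bot's privileges

def safe_locator(raw: str) -> tuple[str, str]:
    """Parse '(By.<STRATEGY>, "<value>")' structurally; nothing is executed."""
    try:
        node = ast.parse(raw.strip(), mode="eval").body
    except (SyntaxError, ValueError) as exc:
        raise ValueError(f"not a locator: {raw!r}") from exc
    if not (isinstance(node, ast.Tuple) and len(node.elts) == 2):
        raise ValueError(f"not a 2-tuple locator: {raw!r}")
    strategy, value = node.elts
    if not (isinstance(strategy, ast.Attribute)
            and isinstance(strategy.value, ast.Name) and strategy.value.id == "By"
            and strategy.attr in BY):
        raise ValueError(f"unknown locator strategy in {raw!r}")
    if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
        raise ValueError(f"locator value must be a string literal: {raw!r}")
    return BY[strategy.attr], value.value

def load_locators(ini_text: str, section: str) -> dict:
    """Return {name: (strategy, value) or ValueError} for every entry in a section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    out = {}
    for name, raw in cfg[section].items():
        try:
            out[name] = safe_locator(raw)
        except ValueError as exc:
            out[name] = exc  # surface the rejected entry instead of running it
    return out
```

Rejected entries are worth logging with the file path and key name, since a non-locator expression in `locators.ini` indicates the file was edited by something other than the bot's author.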

CVSS: 9.8 (Critical)

This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e...

CWE-95, 2022
CVSS: 9.8 (Critical)

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network a...

CWE-95, 2023
CVSS: 9.8 (Critical)

A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.

CWE-95, 2023
CVSS: 9.8 (Critical)

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeN...

CWE-95, 2023
CVSS: 9.8 (Critical)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration featu...

CWE-95, 2024
CVSS: 9.8 (Critical)

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the s...

CWE-95, 2024