PyPi: Qweb

CVE-2023-4863

Transitive

Safety vulnerability ID: 63054

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 12, 2023 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Qweb 3.0.0 updates the dependency opencv-python from 4.8.0.74 to 4.8.1.78 to include security fixes for the CVE-2023-4863.
https://github.com/qentinelqi/qweb/compare/v2.2.3...v3.0.0#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552L10

Affected package

qweb

Latest version: 3.4.2

Keyword driven automation for the web

Affected versions

Fixed versions

Vulnerability changelog

Added
- OpenBrowser keyword to support Selenium 4.10 and above
- Service class taken into use
- Support for automatic driver/browser management via Selenium Manager (if drivers are not in PATH)
- Chrome: Support for specific **browser_version** (downloads Chrome for Testing if needed)
- BrowserStack/mobile integration to support OS Version
- Added "Introduction" section to keyword documentation

Changed
- OpenBrowser kw documentation updated/more examples added, including BrowserStack usage and local android device usage.
- DragDrop to support also elements that do not have "draggable" attribute set
- Re-used variable "url" renamed in VerifyLinks
- Security: bumped opencv and Pillow versions
- Updated readme.md

Fixed
- `SetConfig HandleAlerts False` was not raising exceptions
- SetConfig argument types modified in order to avoid automatic type conversion
- This fixes issue of using robot fw format (variable containing list) in `SetConfig RunBefore`

Removed
- IE Support
- Robot Framework 3.2.2 support (4.1.3 is the new minimum)
- Python 3.7 support as it has been [already EOL'd](https://devguide.python.org/versions/) and some security fixes for dependencies are not released for Python 3.7

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH