MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
A malicious web server can read arbitrary files on the client using a <input type="file" …> inside HTML form.
Advisories for Pypi/MechanicalSoup package
2023