Описание
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.1 (включая) до 2.4.0 (включая)
cpe:2.3:a:toui_project:toui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00472
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-914
CWE-913
Связанные уязвимости
CVSS3: 9.1
github
больше 2 лет назад
toui allows user-specific variables to be shared between users
EPSS
Процентиль: 64%
0.00472
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-914
CWE-913