Lucene search

[email protected]CVE-2023-33175

HistoryMay 30, 2023 - 5:15 a.m.

CVE-2023-33175

2023-05-3005:15:11

CWE-913

CWE-914

[email protected]

web.nvd.nist.gov

toui

python

user interfaces

websites

desktop apps

html

flask-caching

simplecache

security

vulnerability

cve-2023-33175

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.

CPENameOperatorVersion
toui_project:touitoui project touile2.4.0

CPE	Name	Operator	Version
toui_project:toui	toui project toui	le	2.4.0

References

github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1

github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for CVE-2023-33175

prion1 osv2 github1 veracode1