4 matches found
CVE-2023-33175
ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175
ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175 ToUI allows user-specific variables to be shared between users
ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175
ToUI is affected by CVE-2023-33175 due to improper handling of the Website.user_vars attribute when using Flask-Caching (SimpleCache). The root cause is that user-specific variables are stored on the server-side cache, allowing exposure across users. Affected versions are 2.0.1 through 2.4.0; the...