
4 matches found

NVD
added 2023/05/30 5:15 a.m., 9 views

CVE-2023-33175

ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...

CVSS 9.1, AI score 9.2, EPSS 0.00697
Exploits 0, References 2

Prion
added 2023/05/30 5:15 a.m., 19 views

Hardcoded credentials

ToUI is a Python package for creating user interfaces websites and desktop apps from HTML. ToUI is using Flask-Caching SimpleCache to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...

CVSS 5, AI score 7.5, EPSS 0.00697
Exploits 0, References 2, Affected Software 1

CVE
added 2023/05/30 4:31 a.m., 67 views

CVE-2023-33175

ToUI is affected by CVE-2023-33175 due to improper handling of the Website.user_vars attribute when using Flask-Caching (SimpleCache). The root cause is that user-specific variables are stored on the server-side cache, allowing exposure across users. Affected versions are 2.0.1 through 2.4.0; the...

CVSS 9.1, AI score 8.4, EPSS 0.00697
Exploits 0, References 2, Affected Software 1

OSV
added 2023/05/24 5:38 p.m., 17 views

GHSA-HH7J-PG39-Q563 toui allows user-specific variables to be shared between users

Impact: Websites that use Website.uservars property in versions. Patches: It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1. Workarounds: Do not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...

CVSS 9.1, AI score 8.3, EPSS 0.00697
Exploits 0, References 4