CVE-2023-33175

Advisory

Toui 2.4.1 includes a fix for CVE-2023-33175: ToUI is using Flask-Caching (SimpleCache) to store user variables. These are stored in the server side. Websites that use 'Website.user_vars' property are affected.
https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563

Affected package

Affected versions

Fixed versions

Vulnerability changelog

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1. See CVE-2023-33175.


MISC:https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1: https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1
MISC:https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563: https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563

Resources

• https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1
• https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33175