Vulnerability Description
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toui Project | Toui | >= 2.0.1, <= 2.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1Release Notes
- https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q56Vendor Advisory
- https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1Release Notes
- https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q56Vendor Advisory
FAQ
What is CVE-2023-33175?
CVE-2023-33175 is a vulnerability with a CVSS score of 9.1 (CRITICAL). ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` pr...
How severe is CVE-2023-33175?
CVE-2023-33175 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-33175?
Check the references section above for vendor advisories and patch information. Affected products include: Toui Project Toui.