CVE-2023-33175

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-914
View all →

Vulnerability Description

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.

Related Vulnerabilities

CVE-2024-24914

HIGH
CVSS:8.0(High)

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

CWE-9142024

CVE-2024-54198

HIGH
CVSS:8.5(High)

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose cred...

CWE-9142024

CVE-2024-54198

HIGH
CVSS:8.5(High)

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose cred...

CWE-9142024

CVE-2024-24914

HIGH
CVSS:8.0(High)

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

CWE-9142024