Vulnerabilities > CVE-2023-33175 - Improper Control of Dynamically-Managed Code Resources vulnerability in Toui Project Toui

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

toui-project

CWE-913

NVD

Published: 2023-05-30

Updated: 2023-06-07

Summary

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.

Vulnerable Configurations

Part	Description	Count
Application	Toui_Project Toui Project Toui *	1

Common Weakness Enumeration (CWE)

CWE-913 - Improper Control of Dynamically-Managed Code Resources

References

https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1
https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563