PT-2023-24191 · Toui+1

Mubarakalmehairbi · Published 2023-05-24 · Updated 2023-06-07 · CVE-2023-33175

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ToUI versions 2.0.1 through 2.4.0

Description

The issue affects websites that use the `Website.user_vars` property. ToUI uses Flask-Caching (SimpleCache) to store user variables on the server side.

Recommendations

For versions 2.0.1 through 2.4.0, upgrade to version 2.4.1. As a temporary workaround for versions 2.0.1 through 2.4.0, consider not using the `Website.user_vars` property in websites. For version 2.4.0, also avoid using the `Website.signin_user()` function until the issue is resolved.


Weakness Enumeration

Related Identifiers

CVE-2023-33175
GHSA-HH7J-PG39-Q563

Affected Products

Flask-Caching
Toui