PT-2023-24191 · Toui+1 · Toui+1

Mubarakalmehairbi · Published 2023-05-24 · Updated 2023-06-07 · CVE-2023-33175

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ToUI versions 2.0.1 through 2.4.0

Description

The issue affects websites that use the Website.user_vars property. ToUI uses Flask-Caching (SimpleCache) to store user variables on the server side.

Recommendations

For versions 2.0.1 through 2.4.0, upgrade to version 2.4.1. As a temporary workaround for versions 2.0.1 through 2.4.0, consider not using the Website.user_vars property in websites. For version 2.4.0, also avoid using the Website.signin_user() function until the issue is resolved.

Related Identifiers

CVE-2023-33175
GHSA-HH7J-PG39-Q563

Affected Products

Flask-Caching
Toui