Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ToUI allows user-specific variables to be shared between users
Vulnerability Description
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
动态识别变量的控制不恰当
Vulnerability Title
ToUI 安全漏洞
Vulnerability Description
ToUI是一个 Python 包,用于从 HTML 创建用户界面(网站和桌面应用程序)。 ToUI 2.0.1 到 2.4.0版本存在安全漏洞,该漏洞源于使用Website.user_vars属性。
CVSS Information
N/A
Vulnerability Type
N/A