We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-45601

Local file Inclusion via static file serving functionality in Mesop



Description

Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop.

Reserved 2024-09-02 | Published 2024-09-18 | Updated 2024-09-18 | Assigner GitHub_M


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

>=0.9.0, < 0.12.4
affected

References

github.com/google/mesop/security/advisories/GHSA-pmv9-3xqp-8w42

github.com/google/mesop/commit/17fb769d6a91f0a8cbccfab18f64977b158a6a31

cve.org (CVE-2024-45601)

nvd.nist.gov (CVE-2024-45601)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-45601

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.