Mesop is a Python-based UI framework designed for rapid web app development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At the time of publication, 0.12.4 is the most recently available version of Mesop.
                
History
Tue, 15 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss | epss |
Wed, 18 Sep 2024 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Wed, 18 Sep 2024 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop. | |
| Title | Local file Inclusion via static file serving functionality in Mesop | |
| Weaknesses | CWE-20 CWE-22 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-18T17:49:58.158Z
Updated: 2024-09-18T18:42:23.239Z
Reserved: 2024-09-02T16:00:02.424Z
Link: CVE-2024-45601
Vulnrichment
Updated: 2024-09-18T18:42:19.103Z
NVD
Status: Awaiting Analysis
Published: 2024-09-18T18:15:06.473
Modified: 2024-09-20T12:30:17.483
Link: CVE-2024-45601
Redhat
No data.