Home > Vulnerability Database > CVE-2024-45601

Mend.io Vulnerability Database

CVE-2024-45601

Good to know:

Date: September 18, 2024

Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop.

Language: Python

Severity Score

7.5

Related Resources (5)

Url: https://github.com/google/mesop

Url: https://github.com/google/mesop/commit/17fb769d6a91f0a8cbccfab18f64977b158a6a31

Url: https://github.com/google/mesop/security/advisories/GHSA-pmv9-3xqp-8w42

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45601

Url: https://www.mend.io/vulnerability-database/CVE-2024-45601

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version mesop - 0.12.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45601

Good to know:

Date: September 18, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?