mesop 0.9.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mesop package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Class Pollution mesop is a Build UIs in Python Affected versions of this package are vulnerable to Class Pollution in the `_recursive_update_dataclass_from_json_obj()` function, which doesn't raise an exception for dunder (`__`) properties. An attacker can cause denial of service by overwriting these elements, leading to server unresponsiveness. If the resulting values of these elements can be controlled in a given runtime, this could facilitate further exploits such as user impersonation and data corruption. How to fix Class Pollution? Upgrade `mesop` to version 0.14.1 or higher.	[,0.14.1)
H Class Pollution mesop is a Build UIs in Python Affected versions of this package are vulnerable to Class Pollution via the `dataclass_utils` component. How to fix Class Pollution? Upgrade `mesop` to version 0.14.1 or higher.	[,0.14.1)
H Path Traversal mesop is a Build UIs in Python Affected versions of this package are vulnerable to Path Traversal due to insufficient input validation in the static file serving functionality. An attacker can access files not intended to be served by manipulating the input to the endpoint. How to fix Path Traversal? Upgrade `mesop` to version 0.12.4 or higher.	[0.9.0,0.12.4)

Vulnerability

Vulnerable Version

Class Pollution

mesop is a Build UIs in Python

Affected versions of this package are vulnerable to Class Pollution in the _recursive_update_dataclass_from_json_obj() function, which doesn't raise an exception for dunder (__) properties. An attacker can cause denial of service by overwriting these elements, leading to server unresponsiveness. If the resulting values of these elements can be controlled in a given runtime, this could facilitate further exploits such as user impersonation and data corruption.

How to fix Class Pollution?

Upgrade mesop to version 0.14.1 or higher.

[,0.14.1)

Class Pollution

mesop is a Build UIs in Python

Affected versions of this package are vulnerable to Class Pollution via the dataclass_utils component.

How to fix Class Pollution?

Upgrade mesop to version 0.14.1 or higher.

[,0.14.1)

Path Traversal

mesop is a Build UIs in Python

Affected versions of this package are vulnerable to Path Traversal due to insufficient input validation in the static file serving functionality. An attacker can access files not intended to be served by manipulating the input to the endpoint.

How to fix Path Traversal?

Upgrade mesop to version 0.12.4 or higher.

[0.9.0,0.12.4)

mesop@0.9.0 vulnerabilities

Build UIs in Python

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically