PyPI package
mesop
pkg:pypi/mesop
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34824 | High | 7.5 | | >= 1.2.3, < 1.2.5 | 1.2.5 | Apr 3, 2026 | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a r |
| CVE-2026-33057 | — | | | < 1.2.3 | 1.2.3 | Mar 20, 2026 | Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yie |
| CVE-2026-33054 | — | | | < 1.2.3 | 1.2.3 | Mar 20, 2026 | Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_token through the UI stream payload to arbitrarily target files on the disk under th |
| CVE-2025-30358 | High | 8.1 | | < 0.14.1 | 0.14.1 | Mar 27, 2025 | Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could |
| CVE-2024-45601 | High | 7.5 | | >= 0.9.0, < 0.12.4 | 0.12.4 | Sep 18, 2024 | Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficien |