Websites that use Website.user_vars
property in versions.
It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1
Do not use Website.user_vars
in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signin_user()
in version v2.4.0 only.
ToUI is using Flask-Caching (SimpleCache) to store user variables. My misunderstanding was that these caches are stored in the client's browser, but it seems that these are stored in the server side.
{ "nvd_published_at": "2023-05-30T05:15:11Z", "cwe_ids": [ "CWE-913", "CWE-914" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-05-24T17:38:52Z" }