A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served.

Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability.

We would like to thank @Letm3through for reporting this issue and proposing mitigations to address this issue.

Affected Packages

PyPI mesop

Affected versions: 0.9.0 (fixed in 0.12.4)

Related CVEs

CVE-2024-45601

Key Information

GHSA ID

GHSA-pmv9-3xqp-8w42

Published

September 18, 2024 5:49 PM

Last Modified

September 18, 2024 7:22 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

mesop

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.