This path traversal vulnerability affects the Mesop Python UI framework when it is deployed with the FileStateSessionBackend. An attacker can supply a crafted, untrusted state_token in the UI stream payload to access arbitrary files on the host server. Successful exploitation can result in denial of service for the application or full arbitrary file manipulation.
Remediation
Upgrade Mesop to version 1.2.3 or newer, which resolves this vulnerability. Restrict network access to Mesop instances to trusted parties only until the update is applied. Verify your deployment is running the patched version after upgrade.
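For deployments that keep their own file-backed session store, the check that closes this class of bug is to validate the client-supplied token before it becomes a path and then confirm the resolved path stays inside the session directory. The following is an added illustration of that pattern, not Mesop's own FileStateSessionBackend code; the class name, the uuid4().hex token format and the one-file-per-token layout are assumptions.

```python
import re
import tempfile
import uuid
from pathlib import Path

# Assumption (not Mesop's real token format): tokens are issued as uuid4().hex.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")

class SafeFileStateStore:  # hypothetical store, not Mesop's implementation
    def __init__(self, base_dir):
        self.base_dir = Path(base_dir).resolve()
        self.base_dir.mkdir(parents=True, exist_ok=True)

    def path_for(self, token):
        # Layer 1: allow-list the token's shape before it ever becomes a path, so
        # "..", separators and encoded variants are rejected up front.
        if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
            raise ValueError("malformed state token")
        # Layer 2: resolve (follows symlinks) and require the file to sit
        # directly inside the session directory.
        path = (self.base_dir / token).resolve()
        if path.parent != self.base_dir:
            raise ValueError("state token escapes session directory")
        return path

    def save(self, token, state):
        self.path_for(token).write_bytes(state)

    def load(self, token):
        path = self.path_for(token)
        return path.read_bytes() if path.is_file() else None

    def accepts(self, token):
        try:
            self.path_for(token)
            return True
        except ValueError:
            return False

# Round-trip one session, then probe constructed traversal-style tokens.
def demo():
    store = SafeFileStateStore(tempfile.mkdtemp())
    token = uuid.uuid4().hex
    store.save(token, b'{"counter": 1}')
    probes = ["../../outside.txt", "..", "x/" + token, token.upper(), ""]
    return {
        "round_trip": store.load(token),
        "unknown_token": store.load(uuid.uuid4().hex),
        "rejected": [p for p in probes if not store.accepts(p)],
    }
```

A token that fails either layer never reaches the filesystem, so an unknown but well-formed token simply yields no state rather than an arbitrary file.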