SCA: security update for mesop (GHSA-pmv9-3xqp-8w42)

high Tenable Self-Hosted Container Security Plugin ID 417610

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been
discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server
hosting the Mesop application. The vulnerability was related to insufficient input validation in a
specific endpoint. This could have allowed an attacker to access files not intended to be served. Users
are strongly advised to update to the latest version of Mesop immediately. The latest version includes a
fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop.
(CVE-2024-45601)

See Also

https://github.com/advisories/GHSA-pmv9-3xqp-8w42

Plugin Details

Severity: High

ID: 417610

Version: Revision 1.9

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/30/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.69

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-45601

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 6.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/18/2024

Vulnerability Publication Date: 9/18/2024

Reference Information

CVE: CVE-2024-45601