CVE-2024-24808

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

EPSS Низкий

Описание

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Ссылки

https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
Patch
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
Exploit
Vendor Advisory
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
Patch
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*

Версия до 0.5.0 (включая)

EPSS

Процентиль: 82%

0.01813

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

CVE-2024-24808

CVSS3: 4.7

debian

около 2 лет назад

pyLoad is an open-source Download Manager written in pure Python. Ther ...

GHSA-g3cm-qg2v-2hj5

CVSS3: 6.1

github

около 2 лет назад

pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

EPSS

Процентиль: 82%

0.01813

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601