Description
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publication.
References
- Exploit, Vendor Advisory
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 0.5.0 (inclusive)
cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
EPSS
Percentile: 88%
0.03976
Low
9.1 Critical
CVSS3
7.2 High
CVSS3
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.1
debian
almost 2 years ago
pyload is an open-source Download Manager written in pure Python. An a ...
CVSS3: 9.1
github
almost 2 years ago
pyLoad allows upload to arbitrary folder lead to RCE