CVE-2024-24808

2024-02-0604:15:08

CWE-601

[email protected]

web.nvd.nist.gov

pyload

download manager

open-source

open redirect vulnerability

patch

cve-2024-24808

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Affected configurations

Vulners

NVD

Node

pyloadpyloadRange≤0.4.20

VendorProductVersionCPE
pyloadpyload*cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pyload	pyload	*	cpe:2.3:a:pyload:pyload::::::::

CNA Affected

[
  {
    "vendor": "pyload",
    "product": "pyload",
    "versions": [
      {
        "version": "<= 0.4.20",
        "status": "affected"
      }
    ]
  }
]