cvelist / GitHub_M / CVELIST:CVE-2024-24808
Feb 06, 2024 - 3:17 a.m.

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

2024-02-06 03:17:16
CWE-601
GitHub_M
www.cve.org
cve-2024-24808
pyload
open redirect
validation
get_redirect_url
login

CVSS3: 4.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

EPSS: 0.001
Percentile: 17.0%

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability has been patched with commit fe94451.

CNA Affected

[
  {
    "vendor": "pyload",
    "product": "pyload",
    "versions": [
      {
        "version": "<= 0.4.20",
        "status": "affected"
      }
    ]
  }
]
