CVE-2024-21645

2024-01-0814:15:47

CWE-74

[email protected]

web.nvd.nist.gov

cve

pyload

log injection

unauthenticated actor

arbitrary messages

logs

forged

corrupted log files

attacker

tracks

implicate

patched

version 0.5.0b3.dev77

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.