530 matches found
GHSA-3F7W-P8VR-4V5F pyLoad allows upload to arbitrary folder lead to RCE
Summary: An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. Details: example version: 0.5, file: src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...
pyLoad allows upload to arbitrary folder lead to RCE
Summary: An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. Details: example version: 0.5, file: src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...
CVE-2024-32880
creationtimestamp | type | source
---|---|---
2024-04-24 20:42:50+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f...
PT-2024-24936
Name of the Vulnerable Software and Affected Versions: pyload (affected versions not specified) Description: An authenticated user can achieve remote code execution by changing the download folder and uploading a crafted template to that location. This is possible through the '/json/add package'...
The vulnerability of the software for downloading pyload files, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.
The vulnerability of the software for downloading pyload files is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
CVE-2024-24808
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability h...
Open redirect
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability h...
CVE-2024-24808
CVE-2024-24808 affects the pyLoad open-source Download Manager. The issue is an open redirect caused by improper validation in the login redirect flow, specifically how URLs are validated via the get_redirect_url/is_safe_url path. The vulnerability is mitigated by a patch in commit fe94451. Sever...
CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability h...
pyLoad Input Validation Error Vulnerability
pyload is a free and open source download manager written in Python and designed to be extremely lightweight, easily scalable and fully manageable over the Web. An input validation error vulnerability exists in pyLoad that stems from incorrect validation of input values when redirecting users aft...
GHSA-G3CM-QG2V-2HJ5 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Summary: Open redirect vulnerability due to incorrect validation of input values when redirecting users after login. Details: pyload is validating URLs via the get_redirect_url function when redirecting users at login. The URL entered in the next variable goes through the is_safe_url function, where a...
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Summary: Open redirect vulnerability due to incorrect validation of input values when redirecting users after login. Details: pyload is validating URLs via the get_redirect_url function when redirecting users at login. The URL entered in the next variable goes through the is_safe_url function, where a...
PT-2024-20576 · Python +1 · Urllib +1
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to the version with commit fe94451 Description: The issue is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad validates URLs via the get_redirect_url...
VulnCheck KEV: CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
GHSA-PGPJ-V85Q-H5FM Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Summary: The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. This proof of concept shows how an unauthenticated user could...
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Summary: The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. This proof of concept shows how an unauthenticated user could...
Cross-Site Request Forgery (CSRF)
pyLoad is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to a missing SameSite attribute for the session cookie. This allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack via an API call...
CVE-2024-22416
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attac...