GHSA-9GJJ-6GJ7-C4WJ Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

PT-2025-34274 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev92 Description: The jk parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied jk parameter to be directly passed to dykpy.evaljs, leading to full server CPU utilization...