CVE-2023-0435 Excessive Attack Surface in pyload/pyload

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

pyload 安全漏洞

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A security vulnerability exists in versions prior to pyload/pyload 0.5.0b3.dev41, which stems from the presence of too many attack surfac...

PT-2023-16267 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev41 Description: The issue concerns an excessive attack surface in the GitHub repository pyload/pyload. Recommendations: For versions prior to 0.5.0b3.dev41, update to version 0.5.0b3.dev41 or later t...

CVE-2023-0435 Excessive Attack Surface in pyload/pyload

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

CVE-2023-0435

CVE-2023-0435 affects pyload/pyload (GitHub repo) prior to version 0.5.0b3.dev41. The underlying issue is an Excessive Attack Surface, leading to a high/critical risk (NVD score 9.8). Affected component is the pyload/pyload codebase; root cause described as too many attack surfaces. Remediation: ...

CVE-2023-0435 Excessive Attack Surface in pyload/pyload

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

CVE-2023-0434

CVE-2023-0434 affects the Python-based download manager project pyload/pyload . The issue is described as an improper input validation vulnerability in versions prior to 0.5.0b3.dev40 . Affected component is the core input handling of pyload/pyload, with the underlying root cause being insufficie...

PT-2023-8517 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev78 Description: The issue is related to a Cross-Site Request Forgery CSRF attack. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities. Any API...

GHSA-PF38-5P22-X6H6 Code Injection in pyload-ng

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

Code Injection in pyload-ng

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVE-2023-0297

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

Code injection

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVE-2023-0297 Code Injection in pyload/pyload

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

pyload 代码注入漏洞

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A code injection vulnerability exists in pyload/pyload 0.5.0b3.dev31 and prior versions, which stems from an attacker being able to...

PT-2023-16152 · Pypi +1 · Js2Py +1

Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev31 Description: The issue concerns a code injection vulnerability in the pyload/pyload GitHub repository. It allows for pre-authentication remote code execution RCE due to the integration of JavaScri...

CVE-2023-0297 Code Injection in pyload/pyload

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVE-2023-0297 Code Injection in pyload/pyload

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVE-2023-0297

PyLoad 0.5.0 pre-auth RCE (CVE-2023-0297) via code injection in js2py exposed by the flash/addcrypted2 endpoint. Exploitation is unauthenticated and can be triggered by sending crafted requests to /flash/addcrypted2, enabling remote code execution on affected systems. Multiple connected sources c...

Pyload Insufficient Session Expiration vulnerability

Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...

GHSA-RV9X-WMW4-44QJ Pyload Insufficient Session Expiration vulnerability

Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...