CVE-2024-1240

Exploit

EPSS 0.23%
Veröffentlicht 15.11.2024 11:15:10
Zuletzt bearbeitet 19.11.2024 19:04:53
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pyload ≫ Pyload Version0.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.457

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
security@huntr.dev	4.6	2.1	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Patch

https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-1240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1240

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1240