CVE-2024-24808

Exploit

EPSS 0.55%
Veröffentlicht 06.02.2024 04:15:08
Zuletzt bearbeitet 21.11.2024 08:59:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pyload ≫ Pyload Version <= 0.5.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.414

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Patch

https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-24808

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24808

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24808

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-24808