CVE-2024-24808

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*

History

13 Feb 2024, 22:48

Type Values Removed Values Added
CPE cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
References () https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd - () https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd - Patch
References () https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5 - () https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5 - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Pyload pyload
Pyload

06 Feb 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 04:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-24808

Mitre link : CVE-2024-24808

CVE.ORG link : CVE-2024-24808


JSON object : View

Products Affected

pyload

  • pyload
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')