logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2024-1240 pyload-ng

Package

Manager: pip
Name: pyload-ng
Vulnerable Version: =0.5.0a5.dev528 || =0.5.0a5.dev532 || =0.5.0a5.dev535 || =0.5.0a5.dev536 || =0.5.0a5.dev537 || =0.5.0a5.dev539 || =0.5.0a5.dev540 || =0.5.0a5.dev545 || =0.5.0a5.dev562 || =0.5.0a5.dev564 || =0.5.0a5.dev565 || =0.5.0a6.dev570 || =0.5.0a6.dev578 || =0.5.0a6.dev587 || =0.5.0a7.dev596 || =0.5.0a8.dev602 || =0.5.0a9.dev615 || =0.5.0a9.dev629 || =0.5.0a9.dev632 || =0.5.0a9.dev641 || =0.5.0a9.dev643 || =0.5.0a9.dev655 || =0.5.0a9.dev806 || =0.5.0b1.dev1 || =0.5.0b1.dev2 || =0.5.0b1.dev3 || =0.5.0b1.dev4 || =0.5.0b1.dev5 || =0.5.0b2.dev10 || =0.5.0b2.dev11 || =0.5.0b2.dev12 || =0.5.0b2.dev9 || =0.5.0b3.dev13 || =0.5.0b3.dev14 || =0.5.0b3.dev17 || =0.5.0b3.dev18 || =0.5.0b3.dev19 || =0.5.0b3.dev20 || =0.5.0b3.dev21 || =0.5.0b3.dev22 || =0.5.0b3.dev24 || =0.5.0b3.dev26 || =0.5.0b3.dev27 || =0.5.0b3.dev28 || =0.5.0b3.dev29 || =0.5.0b3.dev30 || =0.5.0b3.dev31 || =0.5.0b3.dev32 || =0.5.0b3.dev33 || =0.5.0b3.dev34 || =0.5.0b3.dev35 || =0.5.0b3.dev38 || =0.5.0b3.dev39 || =0.5.0b3.dev40 || =0.5.0b3.dev41 || =0.5.0b3.dev42 || =0.5.0b3.dev43 || =0.5.0b3.dev44 || =0.5.0b3.dev45 || =0.5.0b3.dev46 || =0.5.0b3.dev47 || =0.5.0b3.dev48 || =0.5.0b3.dev49 || =0.5.0b3.dev50 || =0.5.0b3.dev51 || =0.5.0b3.dev52 || =0.5.0b3.dev53 || =0.5.0b3.dev54 || =0.5.0b3.dev57 || =0.5.0b3.dev60 || =0.5.0b3.dev62 || =0.5.0b3.dev64 || =0.5.0b3.dev65 || =0.5.0b3.dev66 || =0.5.0b3.dev67 || =0.5.0b3.dev68 || =0.5.0b3.dev69 || =0.5.0b3.dev70 || =0.5.0b3.dev71 || =0.5.0b3.dev72 || =0.5.0b3.dev73 || =0.5.0b3.dev74 || =0.5.0b3.dev75 || =0.5.0b3.dev76 || =0.5.0b3.dev77 || =0.5.0b3.dev78 || =0.5.0b3.dev79 || =0.5.0b3.dev80 || =0.5.0b3.dev81 || =0.5.0b3.dev82 || =0.5.0b3.dev85 || =0.5.0b3.dev87 || >=0 <fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.001 pctl0.28321

Details

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Metadata

Created: 2024-11-15T11:15:00Z
Modified: 2024-11-19T22:59:28.653347Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F156
Auto approve: 1