logo

Database

Server side template injection In pyload-ng

Description

Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references.

Original Description

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. NVD-2024-392052. GHSA-r9pp-r4xf-597r3. GCVE-GHSA-25pw-q952-x37g

References

1. https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r2. https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main3. https://github.com/pyload/pyload

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.