CVE-2024-24808
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
pyLoad es un administrador de descargas de código abierto escrito en Python puro. Existe una vulnerabilidad de redireccionamiento abierto debido a la validación incorrecta de los valores de entrada al redirigir a los usuarios después de iniciar sesión. pyLoad valida las URL a través de la función `get_redirect_url` cuando redirige a los usuarios al iniciar sesión. Esta vulnerabilidad se ha solucionado con el commit fe94451.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-31 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5 | 2024-08-01 |
URL | Date | SRC |
---|---|---|
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd | 2024-02-13 |
URL | Date | SRC |
---|