CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*

History

19 Nov 2024, 19:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.6
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*
References () https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd - () https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd - Patch
References () https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e - () https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e - Exploit, Third Party Advisory
First Time Pyload pyload
Pyload

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de redirección abierta en la versión 0.5.0 de pyload/pyload. La vulnerabilidad se debe a un manejo inadecuado del parámetro 'next' en la función de inicio de sesión. Un atacante puede aprovechar esta vulnerabilidad para redirigir a los usuarios a sitios maliciosos, que pueden usarse para suplantación de identidad u otras actividades maliciosas. El problema se solucionó en pyload-ng 0.5.0b3.dev79.

15 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-15 11:15

Updated : 2024-11-19 19:04


NVD link : CVE-2024-1240

Mitre link : CVE-2024-1240

CVE.ORG link : CVE-2024-1240


JSON object : View

Products Affected

pyload

  • pyload
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')