An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
References
Link | Resource |
---|---|
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd | Patch |
https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e | Exploit Third Party Advisory |
Configurations
History
19 Nov 2024, 19:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:* | |
References | () https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd - Patch | |
References | () https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e - Exploit, Third Party Advisory | |
First Time |
Pyload pyload
Pyload |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Nov 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 11:15
Updated : 2024-11-19 19:04
NVD link : CVE-2024-1240
Mitre link : CVE-2024-1240
CVE.ORG link : CVE-2024-1240
JSON object : View
Products Affected
pyload
- pyload
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')