CVE-2024-1240
published 2024-11-15


Priority: P4 30 medium
CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.32% (23.6th percentile)
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyload-ng_project | pyload-ng | >= 0 < fe94451dcc2be90b3889e2fd9d07b483c8a6dccd | fe94451dcc2be90b3889e2fd9d07b483c8a6dccd |
| pyload | pyload | | |
| pyload | pyload_pyload | >= unspecified < pyload-ng 0.5.0b3.dev79 | pyload-ng 0.5.0b3.dev79 |

CVSS provenance

nvd v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd v3.0: 4.6 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
vendor_redhat: 9.0 CRITICAL