Severity
6.1 MEDIUM (NVD)
EPSS
0.2%
top 54.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 15

Description

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

CVEListV5 | pyload/pyload_pyload | unspecified | pyload-ng 0.5.0b3.dev79
PyPI | pyload-ng_project/pyload-ng | < fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
NVD | pyload/pyload | 0.5.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-3mmf-29wp-jc9p: An open redirection vulnerability exists in pyload/pyload version 0 (2024-11-15)
OSV
CVE-2024-1240: An open redirection vulnerability exists in pyload/pyload version 0 (2024-11-15)
CVEList
Open Redirection in pyload/pyload (2024-11-15)

📋 Vendor Advisories (1)

Red Hat
argocd: Use of Risky or Missing Cryptographic Algorithms in Redis Cache (2024-05-15)
CVE-2024-1240 — Open Redirect in Pyload Pyload | cvebase