CVE-2024-24808: Open Redirect in Project Pyload-ng

CWE-601: Open Redirect (4 documents, 4 sources)
Severity
NVD: 6.1 MEDIUM
CNA: 4.7
EPSS
2.4% (top 15.06%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 6

Description

pyLoad is an open-source download manager written in pure Python. It has an open redirect vulnerability caused by incorrect validation of input values when redirecting users after login. pyLoad validates the redirect URL with the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched in commit fe94451.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

PyPI: pyload-ng_project/pyload-ng < 0.5.0b3.dev79
CVEListV5: pyload/pyload 0.4.20
NVD: pyload/pyload 0.5.0

Patches

Vulnerability Details (3)

CVEList: pyLoad open redirect vulnerability due to improper validation of the is_safe_url function (2024-02-06)
GHSA: pyLoad open redirect vulnerability due to improper validation of the is_safe_url function (2024-02-05)
OSV: pyLoad open redirect vulnerability due to improper validation of the is_safe_url function (2024-02-05)