CVE-2024-24808
Published 2024-02-06
Priority: P4 26 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (41.6th percentile)
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyload-ng_project | pyload-ng | >= 0 < 0.5.0b3.dev79 | 0.5.0b3.dev79 |
| pyload | pyload | <= 0.5.0 | — |
GHSA · 2024-02-05
CVE-2024-24808 [MEDIUM] CWE-601: pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
### Summary
Open redirect vulnerability due to incorrect validation of input values when redirecting users after login.
### Details
pyLoad validates URLs via the `get_redirect_url` function when redirecting users at login.
The URL entered in the `next` variable goes through the `is_safe_url` function, where a lack of validation can redirect the user to an arbitrary domain.
The documentation in the urllib library shows that improper URLs are recognized as relative paths when using the `urlparse` function. (https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlparse)
For example, when an unusual URL like `https:///example.com` is entered, `urlparse` interprets it as a relative p
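As an added illustration, not pyLoad's own code, of the `urlparse` behaviour the advisory describes and of a stricter validator for a `next`-style redirect target: `is_safe_url_naive` is a simplified stand-in for the flawed netloc-only pattern (not the real `is_safe_url`), and `OUR_HOST` is a constructed hostname.

```python
from urllib.parse import urlparse, urljoin

# Constructed hostname for the pyLoad instance in this example (assumption).
OUR_HOST = "pyload.example"
# The malformed URL quoted in the advisory.
ADVISORY_URL = "https:///example.com"


def parse_parts(url: str) -> tuple[str, str, str]:
    """Return (scheme, netloc, path) exactly as urlparse reports them."""
    p = urlparse(url)
    return p.scheme, p.netloc, p.path


def is_safe_url_naive(target: str, host: str) -> bool:
    """Netloc-only check: a simplified illustration of the flawed pattern,
    NOT pyLoad's actual is_safe_url. 'https:///example.com' parses with an
    empty netloc, so it looks local even though a scheme is present."""
    p = urlparse(target)
    return p.netloc in ("", host)


def is_safe_redirect(target: str, host: str) -> bool:
    """Hardened check: accept only an absolute path on our own site."""
    if not target or any(ord(c) < 0x21 for c in target):
        return False  # empty, whitespace or control characters
    if target.startswith(("//", "/\\", "\\")):
        return False  # scheme-relative and backslash forms
    p = urlparse(target)
    if p.scheme or p.netloc:
        return False  # any scheme or host at all: not a local path
    if not target.startswith("/"):
        return False  # must be an absolute local path
    # Belt and braces: resolve against our origin and confirm it stays there.
    j = urlparse(urljoin(f"https://{host}/", target))
    return j.scheme == "https" and j.netloc == host
```

Note that `parse_parts(ADVISORY_URL)` yields an empty netloc and the path `/example.com`, which is why a netloc-only check passes it while the hardened check rejects it on the scheme.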
OSV · 2024-02-05 (mirrors the GHSA advisory above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5