CVE-2024-21645

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21645

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21645.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21645

Aliases

GHSA-ghmw-rwh8-6qmr

Published

2024-01-08T13:20:47Z

Modified

2025-11-04T20:16:19.769646Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

pyLoad Log Injection

Details

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

Database specific

{
    "cwe_ids": [
        "CWE-74"
    ]
}

References

Affected packages

Git / github.com/pyload/pyload

Affected ranges

Type: GIT
Repo: https://github.com/pyload/pyload
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4159a1191ec4fe6d927e57a9c4bb8f54e16c381d

Affected versions

v0.*

v0.1

v0.1.1

v0.2

v0.2.1

v0.2.2

v0.3

v0.3.1

v0.3.2

v0.4

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9