CVE-2024-24808

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24808

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24808.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24808

Aliases

GHSA-g3cm-qg2v-2hj5

Published

2024-02-06T04:15:08Z

Modified

2024-05-23T01:28:30.952171Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the get_redirect_url function when redirecting users at login. This vulnerability has been patched with commit fe94451.

References

Affected packages

Git / github.com/pyload/pyload

Affected ranges

Type: GIT
Repo: https://github.com/pyload/pyload
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Affected versions

v0.*

v0.1

v0.1.1

v0.2

v0.2.1

v0.2.2

v0.3

v0.3.1

v0.3.2

v0.4

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9