THREATINT
PUBLISHED

CVE-2024-1240

Open Redirection in pyload/pyload



Description

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Reserved 2024-02-05 | Published 2024-11-15 | Updated 2024-11-15 | Assigner @huntr_ai


MEDIUM: 4.6 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Problem types

CWE-601 URL Redirection to Untrusted Site

Product status

Any version before pyload-ng 0.5.0b3.dev79: affected

References

huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e

github.com/...ommit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

cve.org (CVE-2024-1240)

nvd.nist.gov (CVE-2024-1240)
