Home > Vulnerability Database > CVE-2024-1240

Mend.io Vulnerability Database

CVE-2024-1240

Good to know:

Date: November 15, 2024

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Language: Python

Severity Score

4.6

Related Resources (4)

Url: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1240

Url: https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e

Url: https://www.mend.io/vulnerability-database/CVE-2024-1240

Severity Score

4.6

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1240

Good to know:

Date: November 15, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?