Home > Vulnerability Database > CVE-2024-24808

Mend.io Vulnerability Database

CVE-2024-24808

Good to know:

Date: February 5, 2024

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Language: Python

Severity Score

6.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24808

Url: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

Url: https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5

Url: https://www.mend.io/vulnerability-database/CVE-2024-24808

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version pyload-ng - 0.5.0b3.dev79

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24808

Good to know:

Date: February 5, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?