CVE-2024-1240

Published Nov 15, 2024

Last updated 3 months ago

CVSS medium 6.1

Overview

Description: An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
Source: security@huntr.dev
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 4.6
Impact score: 2.5
Exploitability score: 2.1
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Severity: MEDIUM

Weaknesses

security@huntr.dev: CWE-601

Hype score: Not currently trending

CVE-2024-1240 An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionalit… https://t.co/IN9PxbJBYl
@CVEnew
15 Nov 2024
304 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5A06D79-6D64-41FB-9040-17E9630DF4E9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References