CVE-2024-1240

Published Nov 15, 2024

Last updated 2 days ago

CVSS medium 4.6

Overview

Description
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
Source
security@huntr.dev
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
2.5
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Severity
MEDIUM

CVSS 3.0

Type
Secondary
Base score
4.6
Impact score
2.5
Exploitability score
2.1
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Severity
MEDIUM

Weaknesses

security@huntr.dev
CWE-601

Social media

Hype score
Not currently trending

  1. CVE-2024-1240 An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionalit… https://t.co/IN9PxbJBYl

    @CVEnew

    15 Nov 2024

    304 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References