Pyload · Pyload · CVE-2024-22416
**Name of the Vulnerable Software and Affected Versions**
pyLoad versions prior to 0.5.0b3.dev78
**Description**
The issue is a Cross-Site Request Forgery (CSRF) weakness. Because the session cookie is not issued with the `SameSite=Strict` attribute, a browser attaches it to requests that originate from other sites, so any pyLoad API call can be forged by an attacker who holds no credentials at all: the attacker only needs to lure a logged-in user to a page they control. For example, an attacker can trick an administrator into visiting a malicious page that issues a request to `/api/add_user/`, adding a new administrator to the `pyload` application; the forged request is accepted because the administrator's browser sends the session cookie along with it.
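To make the cookie behaviour concrete, the following Python model (an added illustration, not pyLoad's own code) shows why the missing attribute matters. It applies the SameSite rules a browser uses to decide whether a cookie rides along with a cross-site request, audits a `Set-Cookie` header for the weak and hardened forms, and replays the advisory's scenario: a forged request to `/api/add_user/` from an attacker's page. The cookie name `pyload_session`, the `Set-Cookie` lines, and the assumption that the API would accept a `GET` are constructed for the example. Absent `SameSite` is modelled as `None` (Firefox and Safari behaviour; Chromium defaults an absent attribute to `Lax`, which narrows but does not remove the exposure).

```python
"""Model of SameSite cookie handling for the pyLoad CSRF advisory.

Added illustration, not pyLoad code. The Set-Cookie values below are
constructed samples, not captured from a real pyLoad instance.
"""
from http.cookies import SimpleCookie

# Constructed: how an unpatched server might issue its session cookie ...
WEAK_SET_COOKIE = "pyload_session=abc123; Path=/; HttpOnly"
# ... and the hardened form that stops the cross-site request from carrying it.
HARDENED_SET_COOKIE = (
    "pyload_session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"
)


def parse_set_cookie(header: str):
    """Return (cookie_name, morsel) for a single Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    (name, morsel), = jar.items()  # exactly one cookie per header expected
    return name, morsel


def browser_sends_cookie(samesite: str, method: str,
                         cross_site: bool, top_level_navigation: bool) -> bool:
    """Decide whether a browser attaches the cookie to a request.

    Same-site requests always carry it. Cross-site:
      Strict -> never;
      Lax    -> only on top-level GET/HEAD navigations (link click, redirect);
      None or absent (modelled as None here) -> always.
    """
    if not cross_site:
        return True
    policy = (samesite or "none").lower()
    if policy == "strict":
        return False
    if policy == "lax":
        return top_level_navigation and method.upper() in ("GET", "HEAD")
    return True


def csrf_add_user_succeeds(set_cookie_header: str, method: str = "POST",
                           top_level_navigation: bool = False) -> bool:
    """Replay the advisory: does a forged request to /api/add_user/ issued
    from the attacker's page arrive with the administrator's session cookie?"""
    _, morsel = parse_set_cookie(set_cookie_header)
    return browser_sends_cookie(morsel["samesite"], method,
                                cross_site=True,
                                top_level_navigation=top_level_navigation)


def audit_session_cookie(header: str) -> list:
    """Flag attributes a session cookie should carry; empty list means clean."""
    _, morsel = parse_set_cookie(header)
    findings = []
    samesite = (morsel["samesite"] or "").lower()
    if samesite not in ("strict", "lax"):
        findings.append("SameSite missing or None: cross-site requests carry "
                        "the cookie, so every API call is CSRF-able")
    elif samesite == "lax":
        findings.append("SameSite=Lax: still sent on cross-site top-level GET "
                        "navigations; only safe if no GET has side effects")
    if not morsel["secure"]:
        findings.append("Secure missing: cookie is sent over plain HTTP")
    if not morsel["httponly"]:
        findings.append("HttpOnly missing: readable by page scripts")
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_SET_COOKIE),
                          ("hardened", HARDENED_SET_COOKIE)):
        print(f"{label}: CSRF add_user via POST succeeds ->",
              csrf_add_user_succeeds(header))
        for finding in audit_session_cookie(header):
            print("   -", finding)
    # Lax is only a partial fix: a top-level GET navigation still carries it.
    print("Lax + top-level GET ->",
          csrf_add_user_succeeds("pyload_session=abc123; SameSite=Lax",
                                 method="GET", top_level_navigation=True))
```

In a Flask application the corresponding knob is the `SESSION_COOKIE_SAMESITE` config value; this example does not claim that is the exact change made upstream. Note the `Lax` case in the output: it blocks the cross-site `POST` but not a top-level `GET` link, so an API that performs state changes on `GET` needs `Strict` (or an anti-CSRF token) rather than `Lax`.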
**Recommendations**
For versions prior to 0.5.0b3.dev78, upgrade to release 0.5.0b3.dev78 or later to address the issue. After upgrading, confirm (in the browser's developer tools or in the `Set-Cookie` response header) that the session cookie is issued with `SameSite=Strict`. As a temporary workaround, restrict access to the `pyload` API, for example to a trusted network or host, to reduce the exposure, and avoid using the `pyload` API until the fix is applied.