PT-2024-17577 · Pyload · Pyload

Gammac0De · Published 2024-11-15 · Updated 2024-11-19 · CVE-2024-1240

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

pyload/pyload version 0.5.0

Description

An open redirection vulnerability exists due to improper handling of the next parameter in the login functionality. This allows an attacker to redirect users to malicious sites, potentially leading to phishing or other malicious activities.

Recommendations

For pyload/pyload version 0.5.0, update to pyload-ng 0.5.0b3.dev79 to resolve the issue. As a temporary workaround, consider restricting the use of the next parameter in the login functionality to minimize the risk of exploitation.
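One way to restrict the next parameter as the workaround suggests, shown as an added example (not pyload's code or its actual patch): accept the value only when it is a same-site relative path and fall back to a default otherwise. The name `safe_next`, the default target and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed post-login landing page


def safe_next(value, default=DEFAULT_TARGET):
    """Return `value` only if it is a same-site relative path, else `default`."""
    if not value:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # reject backslashes and control characters before parsing.
    if any(ord(c) < 0x20 or c == "\\" for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. an unclosed "[" host
        return default
    # Any scheme (https:, javascript:) or host part means an off-site target.
    if parts.scheme or parts.netloc:
        return default
    # Require exactly one leading slash: "//host" is scheme-relative.
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


# Constructed sample values for the `next` parameter.
SAMPLES = [
    "/dashboard",
    "/queue?page=2",
    "https://external.example/login",
    "//external.example/",
    "/\\external.example",
    "javascript:alert(1)",
    "dashboard",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", safe_next(sample))
```

The check runs on the server at the point where the login handler builds its redirect, so a rejected value never reaches the Location header.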

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-1240
PYSEC-2024-123

Affected Products

Pyload