Name of the Vulnerable Software and Affected Versions:
pyLoad versions prior to 0.5.0b3.dev77
Description:
Any unauthenticated user can browse to `/render/info.html` on the pyLoad web interface and have the application's Flask configuration rendered back to them, including the `SECRET_KEY` value that Flask uses to sign session cookies. Disclosing that key undermines the integrity of every cookie the application signs, so the impact goes beyond an information leak: anyone holding the key can mint cookies the session layer accepts as genuine. The number of potentially affected installations is not specified.
Recommendations:
For versions prior to 0.5.0b3.dev77, update to version 0.5.0b3.dev77 or later. As a temporary workaround, restrict access to the `/render/info.html` endpoint (for example at a reverse proxy or firewall in front of pyLoad) so that it cannot be reached without authentication. Because any `SECRET_KEY` that was already exposed remains usable even after the endpoint is closed, generate a new key after upgrading or applying the workaround; existing sessions will be invalidated, which is the intended effect.
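The following check is an added example and is not code from pyLoad or the advisory. It sends an unauthenticated GET to the endpoint named above and reports any configuration keys in the response whose names suggest secrets, with values redacted so the report itself does not leak them. The response format is an assumption: pyLoad's actual page layout is not described here, so the parser strips HTML and looks for `NAME value` pairs generically, and the embedded sample body is constructed for offline testing.

```python
"""Probe a pyLoad web UI for an unauthenticated Flask config leak (added example)."""
import html
import re
import sys
import urllib.error
import urllib.request

# Endpoint named in the advisory; the request deliberately carries no credentials.
INFO_ENDPOINT = "/render/info.html"

# Key-name fragments that indicate a value which must never reach an anonymous client.
SENSITIVE_MARKERS = ("SECRET", "PASSWORD", "TOKEN", "API_KEY")

_TAG_RE = re.compile(r"<[^>]+>")
# NAME, a separator (whitespace, ':' or '='), then an optionally quoted value.
_PAIR_RE = re.compile(r"\b([A-Z][A-Z0-9_]{2,})\b[\s:=]+(['\"]?)(\S+?)\2(?=\s|$)")

# Constructed sample of what a rendered config dump might look like (assumption,
# not pyLoad's real output): one harmless key, one secret, one cookie flag.
SAMPLE_BODY = """<html><body><h2>Config</h2><table>
<tr><td>DEBUG</td><td>False</td></tr>
<tr><td>SECRET_KEY</td><td>0f3c2c1a9e8b7d6c5b4a3f2e1d0c9b8a</td></tr>
<tr><td>SESSION_COOKIE_HTTPONLY</td><td>True</td></tr>
</table></body></html>"""


def strip_tags(body: str) -> str:
    """Replace HTML tags with spaces and decode entities so pairs sit on plain text."""
    return html.unescape(_TAG_RE.sub(" ", body))


def config_pairs(body: str) -> dict:
    """Return every NAME -> value pair found in the (de-tagged) response body."""
    return {name: value for name, _quote, value in _PAIR_RE.findall(strip_tags(body))}


def redact(value: str) -> str:
    """Keep a short prefix and the length; enough to confirm a leak, not to reuse it."""
    return value[:3] + "...(" + str(len(value)) + " chars)"


def sensitive_findings(body: str) -> dict:
    """Subset of config_pairs whose key names match SENSITIVE_MARKERS, values redacted."""
    return {
        name: redact(value)
        for name, value in config_pairs(body).items()
        if any(marker in name for marker in SENSITIVE_MARKERS)
    }


def probe(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch INFO_ENDPOINT anonymously; an empty dict means nothing sensitive was seen."""
    req = urllib.request.Request(
        base_url.rstrip("/") + INFO_ENDPOINT,
        headers={"User-Agent": "pyload-info-leak-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        # 401/403/404: the endpoint is gated or absent, which is the desired state.
        return {}
    return sensitive_findings(body)


if __name__ == "__main__":
    # Usage: python check_pyload_info.py http://pyload.example:8000
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8000"
    leaked = probe(target)
    print("LEAK" if leaked else "ok", leaked)
```

Run it against a patched instance after applying the workaround: a non-empty result means the endpoint is still reachable without a session and the key should be rotated once access is closed.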