PT-2024-20576 · Python+1 · Urllib+1

Isacaya · Published 2024-02-05 · Updated 2024-02-13 · CVE-2024-24808

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

pyLoad versions prior to the version with commit fe94451

Description

The issue is an open redirect vulnerability caused by incorrect validation of input values when redirecting users after login. pyLoad validates the redirect URL with the get_redirect_url and is_safe_url functions when redirecting users at login. However, the validation is incomplete, so a user can be redirected to an arbitrary domain. The urlparse function in the urllib library treats improper URLs as relative paths, and these can be converted to absolute URLs by URL normalization. An attacker can use this vulnerability to redirect users to malicious websites for phishing and similar attacks.

Recommendations

For versions prior to the version with commit fe94451, update to a version that includes the patch with commit fe94451. As a temporary workaround, consider restricting the use of the get_redirect_url and is_safe_url functions to minimize the risk of exploitation. Avoid using the next variable in the affected login functionality until the issue is resolved.
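
The parsing gap in the description can be checked against a redirect validator before deployment. The following is an added example, not pyLoad's code or the fe94451 patch: the function names, the host pyload.example.test and the sample targets are all constructed for illustration. It compares a host-only urlparse check with a stricter one that accounts for browser normalization.

```python
from urllib.parse import urlparse

TRUSTED_HOST = "pyload.example.test"  # constructed host, not from the advisory


def naive_is_safe(target, host=TRUSTED_HOST):
    """Host-only check: trusts whatever urlparse reports as netloc."""
    return urlparse(target).netloc in ("", host)


def strict_is_safe(target, host=TRUSTED_HOST):
    """Accept only same-host http(s) URLs or rooted single-slash paths."""
    if not target or target != target.strip():
        return False
    # Browsers drop control characters, which can hide a host from the parser.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat "\" as "/", so normalise before inspecting the prefix.
    normalised = target.replace("\\", "/")
    # "//host" is scheme-relative; browsers collapse "///host" to the same.
    if normalised.startswith("//"):
        return False
    try:
        parts = urlparse(normalised)
    except ValueError:
        return False
    if parts.scheme or parts.netloc:
        return parts.scheme in ("http", "https") and parts.netloc == host
    return normalised.startswith("/")  # host-less: must be a local path


# Constructed redirect targets for the comparison (not from the advisory).
SAMPLES = [
    "/dashboard",
    "https://pyload.example.test/queue",
    "https://example.com/",
    "///example.com/",
    "/\\example.com/",
]


def compare(samples=SAMPLES):
    """Map each target to (naive verdict, strict verdict)."""
    return {s: (naive_is_safe(s), strict_is_safe(s)) for s in samples}


if __name__ == "__main__":
    for target, (naive, strict) in compare().items():
        print(f"{target!r:40} naive={naive!s:5} strict={strict}")
```

Targets where the two verdicts differ are the ones urlparse reports as host-less but a browser resolves to another origin.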

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-24808
GHSA-G3CM-QG2V-2HJ5

Affected Products

Pyload
Urllib