Name of the Vulnerable Software and Affected Versions:

pyload-ng version 0.5.0b3.dev85

pyload (running under python3.11 or below)

Description:

The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP request. This can be achieved through a manipulated HTTP request, potentially leading to code execution. The estimated number of potentially affected devices worldwide is not specified.

Recommendations:

For pyload-ng version 0.5.0b3.dev85, consider disabling the vulnerable function until a patch is available.

For pyload running under python3.11 or below, restrict access to the vulnerable module to minimize the risk of exploitation.

Avoid using the vulnerable API endpoint until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.