Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2024-21644

Published: 08/01/2024 Updated: 11/01/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Pyload

Vulnerability Summary

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pyload pyload

pyload pyload 0.5.0

Github Repositories

https://github.com/ltranquility/CVE-2024-21644-Poc

CVE-2024-21644的poc 安装模块: pip install requests pipinstall colorama

References

NVD-CWE-noinfohttps://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fvhttps://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40https://nvd.nist.govhttps://github.com/ltranquility/CVE-2024-21644-Poc
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook