Skip to main content

Pyload CVE-2023-0297

CRITICAL
Code Injection (CWE-94)
2023-01-14 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 14, 2023 - 03:15 nvd
CRITICAL 9.8

DescriptionNVD

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

AnalysisAI

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Affected products include: Pyload. Version information: prior to 0.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

More in Pyload

View all
CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2023-0435 CRITICAL POC
9.8 Jan 22

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8),

CVE-2023-47890 HIGH POC
8.8 Jan 08

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2023-0434 HIGH POC
7.5 Jan 22

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. Rated high severity (CVSS 7.5), thi

CVE-2023-0509 HIGH POC
7.4 Jan 26

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4

CVE-2024-32880 HIGH POC
7.2 Apr 26

pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2023-0227 MEDIUM POC
6.5 Jan 12

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. Rated medium severity (CVSS 6

CVE-2024-1240 MEDIUM POC
6.1 Nov 15

An open redirection vulnerability exists in pyload/pyload version 0.5.0. Rated medium severity (CVSS 6.1), this vulnerab

CVE-2024-24808 MEDIUM POC
6.1 Feb 06

pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2023-0488 MEDIUM POC
5.4 Jan 26

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CV

CVE-2023-0055 MEDIUM POC
5.3 Jan 04

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

Share

CVE-2023-0297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy