Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
AnalysisAI
RansomLook versions prior to 1.9.0 disclose non-public location information through an improper list-filtering logic error in the API layer. The vulnerability stems from removing elements from a list during iteration in website/web/api/genericapi.py, causing entries marked as private to persist in API responses. Unauthenticated remote attackers can retrieve sensitive location data that should remain hidden, with CVSS 6.9 indicating low confidentiality impact across the network.
Technical ContextAI
RansomLook's API endpoint responsible for location data filtering contains a classic concurrent modification vulnerability. The code iterates over a list of location entries while removing elements that should be marked as private, which causes the iterator to skip elements or retain unprocessed entries depending on the iteration method. This is a common programming error in Python where removing items from a list during iteration (via list.remove() within a for loop) causes elements to be skipped. The flaw affects the genericapi.py module, which serves API responses to web clients. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) describes the root cause: the API fails to properly gate access to or filter sensitive data before transmission.
RemediationAI
Upgrade RansomLook to version 1.9.0 or later to apply the vendor-released patch that corrects the list-filtering logic in genericapi.py. Organizations running versions prior to 1.9.0 should prioritize this upgrade to prevent unauthorized disclosure of location data. If immediate patching is not feasible, implement network-level access controls to restrict API endpoint exposure to trusted internal networks only, or disable public API access until the patch can be deployed. Note that restricting API access may impact legitimate monitoring use cases, so evaluate the trade-off against your operational requirements. No workarounds exist short of API restriction, as the vulnerability is intrinsic to the filtering logic and cannot be mitigated through configuration.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24180