Vulnerability Details CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.865
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40
- https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv
- https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40
- https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv
Products affected by CVE-2024-21644
-
cpe:2.3:a:pyload:pyload:-
-
cpe:2.3:a:pyload:pyload:0.1
-
cpe:2.3:a:pyload:pyload:0.1.1
-
cpe:2.3:a:pyload:pyload:0.2
-
cpe:2.3:a:pyload:pyload:0.2.1
-
cpe:2.3:a:pyload:pyload:0.2.2
-
cpe:2.3:a:pyload:pyload:0.3
-
cpe:2.3:a:pyload:pyload:0.3.1
-
cpe:2.3:a:pyload:pyload:0.3.2
-
cpe:2.3:a:pyload:pyload:0.4
-
cpe:2.3:a:pyload:pyload:0.4.1
-
cpe:2.3:a:pyload:pyload:0.4.2
-
cpe:2.3:a:pyload:pyload:0.4.3
-
cpe:2.3:a:pyload:pyload:0.4.4
-
cpe:2.3:a:pyload:pyload:0.4.5
-
cpe:2.3:a:pyload:pyload:0.4.6
-
cpe:2.3:a:pyload:pyload:0.4.7
-
cpe:2.3:a:pyload:pyload:0.4.8
-
cpe:2.3:a:pyload:pyload:0.4.9
-
cpe:2.3:a:pyload:pyload:0.5.0