References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94

https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546

https://github.com/pyload/pyload/pull/4586

https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53