Search criteria
18 vulnerabilities found for pyload/pyload by pyload
CVE-2024-1240 (GCVE-0-2024-1240)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:57 – Updated: 2024-11-15 19:07
VLAI?
Summary
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
Severity ?
4.6 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < pyload-ng 0.5.0b3.dev79
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:payload:payload:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "payload",
"vendor": "payload",
"versions": [
{
"lessThan": "pyload-ng 0.5.0b3.dev79",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1240",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:04:11.868290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T19:07:26.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "pyload-ng 0.5.0b3.dev79",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the \u0027next\u0027 parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:07.797Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e"
},
{
"url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd"
}
],
"source": {
"advisory": "eef9513d-ccc3-4030-b574-374c5e7b887e",
"discovery": "EXTERNAL"
},
"title": "Open Redirection in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1240",
"datePublished": "2024-11-15T10:57:07.797Z",
"dateReserved": "2024-02-05T22:31:20.037Z",
"dateUpdated": "2024-11-15T19:07:26.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0488 (GCVE-0-2023-0488)
Vulnerability from cvelistv5 – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:47
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
Severity ?
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev42
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0488",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:46:52.053308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:47:00.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev42",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"
},
{
"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"
}
],
"source": {
"advisory": "4311d8d7-682c-4f2a-b92c-3f9f1a36255a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0488",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-25T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:47:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0509 (GCVE-0-2023-0509)
Vulnerability from cvelistv5 – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:45
VLAI?
Summary
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev44
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0509",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:45:22.563280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:45:30.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev44",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839"
},
{
"url": "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb"
}
],
"source": {
"advisory": "a370e0c2-a41c-4871-ad91-bc6f31a8e839",
"discovery": "EXTERNAL"
},
"title": "Improper Certificate Validation in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0509",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-26T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:45:30.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0435 (GCVE-0-2023-0435)
Vulnerability from cvelistv5 – Published: 2023-01-22 00:00 – Updated: 2025-04-02 15:50
VLAI?
Summary
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
Severity ?
4 (Medium)
CWE
- CWE-1125 - Excessive Attack Surface
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev41
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:49:55.092645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:50:20.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev41",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1125",
"description": "CWE-1125 Excessive Attack Surface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-22T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d"
},
{
"url": "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3"
}
],
"source": {
"advisory": "a3e32ad5-caee-4f43-b10a-4a876d4e3f1d",
"discovery": "EXTERNAL"
},
"title": "Excessive Attack Surface in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0435",
"datePublished": "2023-01-22T00:00:00.000Z",
"dateReserved": "2023-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-02T15:50:20.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0434 (GCVE-0-2023-0434)
Vulnerability from cvelistv5 – Published: 2023-01-22 00:00 – Updated: 2025-04-02 15:51
VLAI?
Summary
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
Severity ?
5.4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev40
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:51:18.168203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:51:41.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev40",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-22T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4"
},
{
"url": "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104"
}
],
"source": {
"advisory": "7d9332d8-6997-483b-9fb9-bcf2ae01dad4",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0434",
"datePublished": "2023-01-22T00:00:00.000Z",
"dateReserved": "2023-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-02T15:51:41.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0297 (GCVE-0-2023-0297)
Vulnerability from cvelistv5 – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:41
VLAI?
Summary
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev31
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:54.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0297",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:41:46.711629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:41:55.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65"
},
{
"url": "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
},
{
"url": "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "3fd606f7-83e1-4265-b083-2e1889a05e65",
"discovery": "EXTERNAL"
},
"title": " Code Injection in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0297",
"datePublished": "2023-01-14T00:00:00.000Z",
"dateReserved": "2023-01-14T00:00:00.000Z",
"dateUpdated": "2025-04-07T18:41:55.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0227 (GCVE-0-2023-0227)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:39
VLAI?
Summary
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
Severity ?
8.3 (High)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev36
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:38:58.951499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:39:15.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev36",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b"
},
{
"url": "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9"
}
],
"source": {
"advisory": "af3101d7-fea6-463a-b7e4-a48be219e31b",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0227",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2023-01-12T00:00:00.000Z",
"dateUpdated": "2025-04-08T13:39:15.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0057 (GCVE-0-2023-0057)
Vulnerability from cvelistv5 – Published: 2023-01-05 00:00 – Updated: 2025-04-09 15:33
VLAI?
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
Severity ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:23:29.067149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:33:56.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev33",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d"
},
{
"url": "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64"
}
],
"source": {
"advisory": "12b64f91-d048-490c-94b0-37514b6d694d",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0057",
"datePublished": "2023-01-05T00:00:00.000Z",
"dateReserved": "2023-01-04T00:00:00.000Z",
"dateUpdated": "2025-04-09T15:33:56.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0055 (GCVE-0-2023-0055)
Vulnerability from cvelistv5 – Published: 2023-01-04 00:00 – Updated: 2025-04-09 15:32
VLAI?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
Severity ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev32
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:24:08.895936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:32:47.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-04T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce"
},
{
"url": "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703"
}
],
"source": {
"advisory": "ed88e240-99ff-48a1-bf32-8e1ef5f13cce",
"discovery": "EXTERNAL"
},
"title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0055",
"datePublished": "2023-01-04T00:00:00.000Z",
"dateReserved": "2023-01-04T00:00:00.000Z",
"dateUpdated": "2025-04-09T15:32:47.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1240 (GCVE-0-2024-1240)
Vulnerability from nvd – Published: 2024-11-15 10:57 – Updated: 2024-11-15 19:07
VLAI?
Summary
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
Severity ?
4.6 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < pyload-ng 0.5.0b3.dev79
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:payload:payload:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "payload",
"vendor": "payload",
"versions": [
{
"lessThan": "pyload-ng 0.5.0b3.dev79",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1240",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:04:11.868290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T19:07:26.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "pyload-ng 0.5.0b3.dev79",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the \u0027next\u0027 parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:07.797Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e"
},
{
"url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd"
}
],
"source": {
"advisory": "eef9513d-ccc3-4030-b574-374c5e7b887e",
"discovery": "EXTERNAL"
},
"title": "Open Redirection in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1240",
"datePublished": "2024-11-15T10:57:07.797Z",
"dateReserved": "2024-02-05T22:31:20.037Z",
"dateUpdated": "2024-11-15T19:07:26.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0488 (GCVE-0-2023-0488)
Vulnerability from nvd – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:47
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
Severity ?
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev42
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0488",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:46:52.053308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:47:00.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev42",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"
},
{
"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"
}
],
"source": {
"advisory": "4311d8d7-682c-4f2a-b92c-3f9f1a36255a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0488",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-25T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:47:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0509 (GCVE-0-2023-0509)
Vulnerability from nvd – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:45
VLAI?
Summary
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev44
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0509",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:45:22.563280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:45:30.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev44",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839"
},
{
"url": "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb"
}
],
"source": {
"advisory": "a370e0c2-a41c-4871-ad91-bc6f31a8e839",
"discovery": "EXTERNAL"
},
"title": "Improper Certificate Validation in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0509",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-26T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:45:30.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0435 (GCVE-0-2023-0435)
Vulnerability from nvd – Published: 2023-01-22 00:00 – Updated: 2025-04-02 15:50
VLAI?
Summary
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
Severity ?
4 (Medium)
CWE
- CWE-1125 - Excessive Attack Surface
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev41
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:49:55.092645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:50:20.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev41",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1125",
"description": "CWE-1125 Excessive Attack Surface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-22T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d"
},
{
"url": "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3"
}
],
"source": {
"advisory": "a3e32ad5-caee-4f43-b10a-4a876d4e3f1d",
"discovery": "EXTERNAL"
},
"title": "Excessive Attack Surface in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0435",
"datePublished": "2023-01-22T00:00:00.000Z",
"dateReserved": "2023-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-02T15:50:20.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0434 (GCVE-0-2023-0434)
Vulnerability from nvd – Published: 2023-01-22 00:00 – Updated: 2025-04-02 15:51
VLAI?
Summary
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
Severity ?
5.4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev40
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:51:18.168203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:51:41.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev40",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-22T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4"
},
{
"url": "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104"
}
],
"source": {
"advisory": "7d9332d8-6997-483b-9fb9-bcf2ae01dad4",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0434",
"datePublished": "2023-01-22T00:00:00.000Z",
"dateReserved": "2023-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-02T15:51:41.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0297 (GCVE-0-2023-0297)
Vulnerability from nvd – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:41
VLAI?
Summary
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev31
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:54.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0297",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:41:46.711629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:41:55.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65"
},
{
"url": "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
},
{
"url": "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "3fd606f7-83e1-4265-b083-2e1889a05e65",
"discovery": "EXTERNAL"
},
"title": " Code Injection in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0297",
"datePublished": "2023-01-14T00:00:00.000Z",
"dateReserved": "2023-01-14T00:00:00.000Z",
"dateUpdated": "2025-04-07T18:41:55.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0227 (GCVE-0-2023-0227)
Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:39
VLAI?
Summary
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
Severity ?
8.3 (High)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev36
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:38:58.951499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:39:15.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev36",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b"
},
{
"url": "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9"
}
],
"source": {
"advisory": "af3101d7-fea6-463a-b7e4-a48be219e31b",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0227",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2023-01-12T00:00:00.000Z",
"dateUpdated": "2025-04-08T13:39:15.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0057 (GCVE-0-2023-0057)
Vulnerability from nvd – Published: 2023-01-05 00:00 – Updated: 2025-04-09 15:33
VLAI?
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
Severity ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:23:29.067149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:33:56.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev33",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d"
},
{
"url": "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64"
}
],
"source": {
"advisory": "12b64f91-d048-490c-94b0-37514b6d694d",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0057",
"datePublished": "2023-01-05T00:00:00.000Z",
"dateReserved": "2023-01-04T00:00:00.000Z",
"dateUpdated": "2025-04-09T15:33:56.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0055 (GCVE-0-2023-0055)
Vulnerability from nvd – Published: 2023-01-04 00:00 – Updated: 2025-04-09 15:32
VLAI?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
Severity ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Affected:
unspecified , < 0.5.0b3.dev32
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:24:08.895936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:32:47.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyload/pyload",
"vendor": "pyload",
"versions": [
{
"lessThan": "0.5.0b3.dev32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-04T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce"
},
{
"url": "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703"
}
],
"source": {
"advisory": "ed88e240-99ff-48a1-bf32-8e1ef5f13cce",
"discovery": "EXTERNAL"
},
"title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in pyload/pyload"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0055",
"datePublished": "2023-01-04T00:00:00.000Z",
"dateReserved": "2023-01-04T00:00:00.000Z",
"dateUpdated": "2025-04-09T15:32:47.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}