Vulnerability Description
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pyload | Pyload | <= 0.4.9 |
Related Weaknesses (CWE)
References
- https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381dPatch
- https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmrExploitVendor Advisory
- https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381dPatch
- https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmrExploitVendor Advisory
FAQ
What is CVE-2024-21645?
CVE-2024-21645 is a vulnerability with a CVSS score of 5.3 (MEDIUM). pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages int...
How severe is CVE-2024-21645?
CVE-2024-21645 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21645?
Check the references section above for vendor advisories and patch information. Affected products include: Pyload Pyload.