CVE-2024-21644

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 8, 2024

Updated: Jan 11, 2024

CWE ID 284

Summary

CVE-2024-21644 affects pyLoad, a free and open-source download manager written in Python. This vulnerability allows unauthenticated users to access sensitive configuration information, including the `SECRET_KEY` variable, by browsing to a specific URL. This issue poses a risk for unauthorized access and potential data breaches. Users are advised to upgrade to pyLoad version 0.5.0b3.dev77 to apply the patch and mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEk7qd
https://www.cve.org/CVERecord?id=CVE-2024-21644
https://nvd.nist.gov/vuln/detail/CVE-2024-21644

Back to Vulnerability Database

CVE-2024-21644

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations