CVE-2024-24808

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 6, 2024

Updated: Feb 13, 2024

CWE ID 601

Summary

CVE-2024-24808 is a newly identified vulnerability affecting pyLoad, an open-source download manager written in Python. The issue stems from a lack of proper input validation during the `get_redirect_url` function, leading to an open redirect vulnerability. After a user logs into pyLoad, incorrectly validated URLs could redirect them to malicious websites, potentially exposing sensitive information. This vulnerability has been mitigated with the patch in commit fe94451.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uWlfPy
https://www.cve.org/CVERecord?id=CVE-2024-24808
https://nvd.nist.gov/vuln/detail/CVE-2024-24808

Back to Vulnerability Database

CVE-2024-24808

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations