Vulnerabilites related to pyload - pyload/pyload
cve-2023-0488
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2025-03-31 16:47
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev42 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:56.446Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0488", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T16:46:52.053308Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T16:47:00.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev42", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-26T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a", }, { url: "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd", }, ], source: { advisory: "4311d8d7-682c-4f2a-b92c-3f9f1a36255a", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0488", datePublished: "2023-01-26T00:00:00.000Z", dateReserved: "2023-01-25T00:00:00.000Z", dateUpdated: "2025-03-31T16:47:00.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0297
Vulnerability from cvelistv5
Published
2023-01-14 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev31 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:54.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev31", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65", }, { url: "https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d", }, { url: "http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html", }, { url: "http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html", }, ], source: { advisory: "3fd606f7-83e1-4265-b083-2e1889a05e65", discovery: "EXTERNAL", }, title: " Code Injection in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0297", datePublished: "2023-01-14T00:00:00", dateReserved: "2023-01-14T00:00:00", dateUpdated: "2024-08-02T05:10:54.945Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0057
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2024-08-02 04:54
Severity ?
EPSS score ?
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev33 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T04:54:32.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev33", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1021", description: "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-05T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/12b64f91-d048-490c-94b0-37514b6d694d", }, { url: "https://github.com/pyload/pyload/commit/bd2a31b7de54570b919aa1581d486e6ee18c0f64", }, ], source: { advisory: "12b64f91-d048-490c-94b0-37514b6d694d", discovery: "EXTERNAL", }, title: "Improper Restriction of Rendered UI Layers or Frames in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0057", datePublished: "2023-01-05T00:00:00", dateReserved: "2023-01-04T00:00:00", dateUpdated: "2024-08-02T04:54:32.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0055
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-02 04:54
Severity ?
EPSS score ?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev32 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T04:54:32.575Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev32", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-614", description: "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-04T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce", }, { url: "https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703", }, ], source: { advisory: "ed88e240-99ff-48a1-bf32-8e1ef5f13cce", discovery: "EXTERNAL", }, title: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0055", datePublished: "2023-01-04T00:00:00", dateReserved: "2023-01-04T00:00:00", dateUpdated: "2024-08-02T04:54:32.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0434
Vulnerability from cvelistv5
Published
2023-01-22 00:00
Modified
2025-04-02 15:51
Severity ?
EPSS score ?
Summary
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev40 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:56.001Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0434", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T15:51:18.168203Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-02T15:51:41.649Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev40", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-22T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4", }, { url: "https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104", }, ], source: { advisory: "7d9332d8-6997-483b-9fb9-bcf2ae01dad4", discovery: "EXTERNAL", }, title: "Improper Input Validation in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0434", datePublished: "2023-01-22T00:00:00.000Z", dateReserved: "2023-01-21T00:00:00.000Z", dateUpdated: "2025-04-02T15:51:41.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1240
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 19:07
Severity ?
EPSS score ?
Summary
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < pyload-ng 0.5.0b3.dev79 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:payload:payload:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "payload", vendor: "payload", versions: [ { lessThan: "pyload-ng 0.5.0b3.dev79", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-1240", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T19:04:11.868290Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T19:07:26.471Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "pyload-ng 0.5.0b3.dev79", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T10:57:07.797Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/eef9513d-ccc3-4030-b574-374c5e7b887e", }, { url: "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd", }, ], source: { advisory: "eef9513d-ccc3-4030-b574-374c5e7b887e", discovery: "EXTERNAL", }, title: "Open Redirection in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-1240", datePublished: "2024-11-15T10:57:07.797Z", dateReserved: "2024-02-05T22:31:20.037Z", dateUpdated: "2024-11-15T19:07:26.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0509
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2025-03-31 16:45
Severity ?
EPSS score ?
Summary
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev44 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:49.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0509", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T16:45:22.563280Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T16:45:30.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev44", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-26T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839", }, { url: "https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb", }, ], source: { advisory: "a370e0c2-a41c-4871-ad91-bc6f31a8e839", discovery: "EXTERNAL", }, title: "Improper Certificate Validation in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0509", datePublished: "2023-01-26T00:00:00.000Z", dateReserved: "2023-01-26T00:00:00.000Z", dateUpdated: "2025-03-31T16:45:30.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0435
Vulnerability from cvelistv5
Published
2023-01-22 00:00
Modified
2025-04-02 15:50
Severity ?
EPSS score ?
Summary
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev41 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:56.243Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0435", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T15:49:55.092645Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-02T15:50:20.297Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev41", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1125", description: "CWE-1125 Excessive Attack Surface", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-22T00:00:00.000Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d", }, { url: "https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3", }, ], source: { advisory: "a3e32ad5-caee-4f43-b10a-4a876d4e3f1d", discovery: "EXTERNAL", }, title: "Excessive Attack Surface in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0435", datePublished: "2023-01-22T00:00:00.000Z", dateReserved: "2023-01-22T00:00:00.000Z", dateUpdated: "2025-04-02T15:50:20.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0227
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pyload | pyload/pyload |
Version: unspecified < 0.5.0b3.dev36 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b", }, { tags: [ "x_transferred", ], url: "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "pyload/pyload", vendor: "pyload", versions: [ { lessThan: "0.5.0b3.dev36", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613 Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-12T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b", }, { url: "https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9", }, ], source: { advisory: "af3101d7-fea6-463a-b7e4-a48be219e31b", discovery: "EXTERNAL", }, title: "Insufficient Session Expiration in pyload/pyload", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0227", datePublished: "2023-01-12T00:00:00", dateReserved: "2023-01-12T00:00:00", dateUpdated: "2024-08-02T05:02:43.912Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }