Improper Input Validation in pyload/pyload
CVE-2023-0434

7.5HIGH

Key Information:

Vendor: Pyload
Status: Pyload/pyload
Vendor: CVE Published:; 22 January 2023

Summary

The vulnerability in the Pyload project arises from improper input validation, enabling potentially malicious users to exploit weaknesses in the software before version 0.5.0b3.dev40. This flaw could allow attackers to manipulate inputs, leading to unintended behaviors or security breaches. Developers and users should ensure they are using the updated versions and implement proper input validation techniques in their applications.

Affected Version(s)

pyload/pyload < 0.5.0b3.dev40

References

https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae...

https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2023
Vulnerability Reserved
Jan 21, 2023