Improper Certificate Validation in pyload/pyload
CVE-2023-0509

7.4HIGH

Key Information:

Vendor: Pyload
Status: Pyload/pyload
Vendor: CVE Published:; 26 January 2023

Summary

The vulnerability in the Pyload application stems from an improper validation of SSL/TLS certificates, which can lead to security risks such as man-in-the-middle attacks. Users of versions prior to 0.5.0b3.dev44 are encouraged to update to the latest version to patch this vulnerability and enhance their application security. For further information, please refer to the commit details and security reports linked in the references.

Affected Version(s)

pyload/pyload < 0.5.0b3.dev44

References

https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31...

https://github.com/pyload/pyload/commit/a9098bdf7406e6faf...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 26, 2023