Lucene search
PRIOn knowledge basePRION:CVE-2024-21644HistoryJan 08, 2024 - 2:15 p.m.
Design/Logic Flaw
2024-01-0814:15:00
PRIOn knowledge base
www.prio-n.com
2
pyload download manager
design flaw
logic flaw
patched
version 0.5.0b3.dev77
nvd
unauthenticated user
flask config
secret_key exposure
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pyload | le | 0.4.9 | |
| pyload | eq | 0.5.0 beta1 | |
| pyload | eq | 0.5.0 beta2 |
Related
cvelist
cvelist
CVE-2024-21644 pyLoad unauthenticated flask configuration leakage
2024-01-08 13:20:55
osv
osv
CVE-2024-21644
2024-01-08 14:15:47
pyload Unauthenticated Flask Configuration Leakage vulnerability
2024-01-08 15:40:39
cve
cve
CVE-2024-21644
2024-01-08 14:15:47
nuclei
nuclei
pyLoad Flask Config - Access Control
2024-01-29 16:33:24
githubexploit
githubexploit
Exploit for Improper Access Control in Pyload
2024-03-30 01:00:31
veracode
veracode
Information Disclosure
2024-01-09 06:36:14
github
github
pyload Unauthenticated Flask Configuration Leakage vulnerability
2024-01-08 15:40:39
nvd
nvd
CVE-2024-21644
2024-01-08 14:15:47