CVE-2024-21645

Description

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

GitHub, Inc.
Severity: MEDIUM
CVE ID: CVE-2024-21645
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2024-21645

Refrence: Project Discovery GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept