CVE-2024-21645: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

January 8, 2024

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

References

github.com/advisories/GHSA-ghmw-rwh8-6qmr
github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d
github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr
nvd.nist.gov/vuln/detail/CVE-2024-21645

Code Behaviors & Features

Detect and mitigate CVE-2024-21645 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →