pyload-ng: Improper Authentication and Origin Validation Error

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request Forgery (SSRF) and Denial of Service (DoS). This issue has been patched in version 0.5.0b3.dev97.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

认证机制不恰当

pyLoad 访问控制错误漏洞

pyLoad是pyLoad开源的一个用 Python 编写的免费开源下载管理器。 pyLoad 0.5.0b3.dev97之前版本存在访问控制错误漏洞，该漏洞源于@local_check装饰器存在主机标头欺骗，可能导致未经身份验证的外部攻击者绕过本地限制并触发服务器端请求伪造和拒绝服务。

N/A

N/A