CVE-2024-32880

Published Apr 26, 2024

Last updated a year ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-32880 is a vulnerability identified in pyLoad, an open-source download manager developed in Python. This flaw enables an authenticated user to alter the designated download folder. By exploiting this ability, an attacker can upload a specially crafted template file to the modified download directory. This action can lead to remote code execution (RCE) through server-side template injection (SSTI).

Description

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, which leads to remote code execution. There is no fix available at the time of publication.

Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com
CWE-434

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 9