Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/46946?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46946?format=api", "vulnerability_id": "VCID-3355-ps9v-7ffh", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\npyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.", "aliases": [ { "alias": "CVE-2024-24808" }, { "alias": "GHSA-g3cm-qg2v-2hj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48566?format=api", "purl": "pkg:pypi/pyload-ng@0.5.0b3.dev79", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k5h-nhcv-cke9" }, { "vulnerability": "VCID-6ujx-ntw5-s7dy" }, { "vulnerability": "VCID-73d4-um61-k7ht" }, { "vulnerability": "VCID-9rb6-kh78-sbdf" }, { "vulnerability": "VCID-h66k-vm3m-c3b6" }, { "vulnerability": "VCID-hsc6-6qgc-q3eg" }, { "vulnerability": "VCID-jxej-fugb-3ydh" }, { "vulnerability": "VCID-ng6u-saxg-dbf9" }, { "vulnerability": "VCID-p22h-1rtx-bkcy" }, { "vulnerability": "VCID-x15r-v69w-yuaj" }, { "vulnerability": "VCID-x1ek-3cgq-skh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyload-ng@0.5.0b3.dev79" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.85234", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24808" }, { "reference_url": "https://github.com/pyload/pyload", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyload/pyload" }, { "reference_url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:57:09Z/" } ], "url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24808", "reference_id": "CVE-2024-24808", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24808" }, { "reference_url": "https://github.com/advisories/GHSA-g3cm-qg2v-2hj5", "reference_id": "GHSA-g3cm-qg2v-2hj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g3cm-qg2v-2hj5" }, { "reference_url": "https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5", "reference_id": "GHSA-g3cm-qg2v-2hj5", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:57:09Z/" } ], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 601, "name": "URL Redirection to Untrusted Site ('Open Redirect')", "description": "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3355-ps9v-7ffh" }