Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-f9wx-gf1u-7bgc
Vulnerability ID VCID-f9wx-gf1u-7bgc
Aliases GHSA-3wwm-hjv7-23r3
Summary Pyload log Injection via API /json/add_package in add_name parameter A log injection vulnerability was identified in `pyload` in API `/json/add_package`. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by `pyload`.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 4.3 https://github.com/pyload/pyload
generic_textual MODERATE https://github.com/pyload/pyload
cvssv3.1 4.3 https://github.com/pyload/pyload/commit/ddf8a48b83aaf36052b08732c424cffcf9ffccca
generic_textual MODERATE https://github.com/pyload/pyload/commit/ddf8a48b83aaf36052b08732c424cffcf9ffccca
cvssv3.1 4.3 https://github.com/pyload/pyload/security/advisories/GHSA-3wwm-hjv7-23r3
generic_textual MODERATE https://github.com/pyload/pyload/security/advisories/GHSA-3wwm-hjv7-23r3
Reference id Reference type URL
https://github.com/pyload/pyload
https://github.com/pyload/pyload/commit/ddf8a48b83aaf36052b08732c424cffcf9ffccca
GHSA-3wwm-hjv7-23r3 https://github.com/advisories/GHSA-3wwm-hjv7-23r3
GHSA-3wwm-hjv7-23r3 https://github.com/pyload/pyload/security/advisories/GHSA-3wwm-hjv7-23r3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/pyload/pyload
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/pyload/pyload/commit/ddf8a48b83aaf36052b08732c424cffcf9ffccca
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/pyload/pyload/security/advisories/GHSA-3wwm-hjv7-23r3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-04T16:24:30.023658+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyload-ng/GHSA-3wwm-hjv7-23r3.yml 38.6.0