Search for vulnerabilities
| Vulnerability ID | VCID-xgcy-vqcp-43dj |
| Aliases |
GHSA-25pw-q952-x37g
|
| Summary | Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. ## Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | HIGH | https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main |
| generic_textual | HIGH | https://github.com/pyload/pyload |
| generic_textual | HIGH | https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2024-39205 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main | ||
| https://github.com/pyload/pyload | ||
| CVE-2024-39205 | https://nvd.nist.gov/vuln/detail/CVE-2024-39205 | |
| GHSA-25pw-q952-x37g | https://github.com/advisories/GHSA-25pw-q952-x37g | |
| GHSA-r9pp-r4xf-597r | https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:22:28.422136+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyload-ng/GHSA-25pw-q952-x37g.yml | 38.6.0 |