CRITICAL 9.8
GHSA-pf38-5p22-x6h6
Code Injection in pyload-ng
Details
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Affected packages
PyPI / pyload-ng
Introduced in: 0
Fixed in: 0.5.0b3.dev31
Fix
pip install --upgrade 'pyload-ng>=0.5.0b3.dev31'
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-0297 [ADVISORY]
- https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d [WEB]
- https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65 [WEB]
- http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html [WEB]
- http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html [WEB]