pyload-ng@0.5.0a5.dev539 vulnerabilities
The free and open-source Download Manager written in pure Python
-
latest version
0.5.0b3.dev87
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
21 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the pyload-ng package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection via the How to fix Command Injection? Upgrade |
[,0.5.0b3.dev87)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') through the Note: Any pyload-ng doesn't use js2py for python3.12 or above. How to fix Improper Control of Generation of Code ('Code Injection')? Upgrade |
[,0.5.0b3.dev87)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the ability to change the download folder and upload a crafted template. An attacker can execute arbitrary code on the server by uploading a malicious template file to a specified folder and then navigating to a URL that renders the uploaded template. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade |
[,0.5.0b3.dev85)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Open Redirect via the How to fix Open Redirect? Upgrade |
[,0.5.0b3.dev79)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the API accepting GET requests without proper validation. An attacker can perform unauthorized actions on behalf of a legitimate user due to the session cookie not being set to How to fix Cross-site Request Forgery (CSRF)? Upgrade |
[,0.5.0b3.dev78)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. An attacker can inject arbitrary messages into the logs via the username, which could be used to obscure their activities or falsely implicate another individual in malicious actions. How to fix Improper Output Neutralization for Logs? Upgrade |
[,0.5.0b3.dev77)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory due to improper handling of a specific URL which exposes the Flask config, including the How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory? Upgrade |
[,0.5.0b3.dev77)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal when the How to fix Directory Traversal? Upgrade |
[,0.5.0b3.dev75)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in How to fix Cross-site Scripting (XSS)? Upgrade |
[,0.5.0b3.dev42)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Input Validation in the form of insufficient SSL certificate verification in How to fix Improper Input Validation? Upgrade |
[,0.5.0b3.dev44)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Input Validation via the How to fix Improper Input Validation? Upgrade |
[0,0.5.0b3.dev40)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? Upgrade |
[,0.5.0b3.dev31)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration in How to fix Insufficient Session Expiration? Upgrade |
[0,0.5.0b3.dev38)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames which leads to clickjacking attacks due to the lack of frame restrictions. How to fix Improper Restriction of Rendered UI Layers or Frames? Upgrade |
[,0.5.0b3.dev33)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute due to missing the How to fix Sensitive Cookie in HTTPS Session Without "Secure" Attribute? Upgrade |
[,0.5.0b3.dev32)
|
pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Prototype Pollution via the How to fix Prototype Pollution? Upgrade |
[,0.5.0b3.dev41)
|