pyload-ng@0.5.0b3.dev95 vulnerabilities

The free and open-source Download Manager written in pure Python

latest version

0.5.0b3.dev96

first published

6 years ago

latest version published

29 days ago

licenses detected

AGPL-3.0
[0,)

View pyload-ng package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pyload-ng package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Relative Path Traversal pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Relative Path Traversal via the `edit_package()` function when processing the `pack_folder` parameter. An attacker can overwrite arbitrary files on the system by supplying crafted recursive traversal sequences. How to fix Relative Path Traversal? A fix was pushed into the `master` branch but not yet published.	[0,)
H Cross-site Scripting (XSS) pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized parameters in the `cnl_blueprint.py`. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by submitting crafted requests containing malicious payloads. This can lead to impersonation of users, theft of authentication tokens, and unauthorized actions performed on behalf of the victim. How to fix Cross-site Scripting (XSS)? A fix was pushed into the `master` branch but not yet published.	[0,)

Relative Path Traversal

pyload-ng is a The free and open-source Download Manager written in pure Python

Affected versions of this package are vulnerable to Relative Path Traversal via the edit_package() function when processing the pack_folder parameter. An attacker can overwrite arbitrary files on the system by supplying crafted recursive traversal sequences.

How to fix Relative Path Traversal?

A fix was pushed into the master branch but not yet published.

[0,)

Cross-site Scripting (XSS)

pyload-ng is a The free and open-source Download Manager written in pure Python

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized parameters in the cnl_blueprint.py. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by submitting crafted requests containing malicious payloads. This can lead to impersonation of users, theft of authentication tokens, and unauthorized actions performed on behalf of the victim.

How to fix Cross-site Scripting (XSS)?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package