Safety vulnerability ID: 73964
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of pyLoad are vulnerable to path traversal via the storage_folder configuration setting. This vulnerability allows attackers to write files to arbitrary locations by manipulating the storage_folder path, potentially leading to arbitrary file writes and code execution. The vulnerability exists in the Core.init and Api.set_config_value functions where storage paths aren't properly validated. Attackers with access to configuration settings can exploit this through the web interface. Users should update to the version which implements proper path validation and restriction checks.
Latest version: 0.5.0b3.dev87
The free and open-source Download Manager written in pure Python
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application