Vulnerability Details : CVE-2023-0434
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
Vulnerability category: Input validation
Products affected by CVE-2023-0434
- cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
- cpe:2.3:a:pyload:pyload:0.5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:pyload:pyload:0.5.0:beta2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0434
EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
Percentile: ~35% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0434
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H | 0.2 | 5.2 | huntr.dev | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-0434
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- security@huntr.dev (Secondary)
References for CVE-2023-0434
- https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4
  Improper String/Integer Input Validation Leads to the Crashing of Site vulnerability found in pyload (Exploit; Patch; Third Party Advisory)
- https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104
  validate time config values · pyload/pyload@a2b1eb1 · GitHub (Patch; Third Party Advisory)