CVE-2023-0435 : Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.

Published 2023-01-22 22:15:10

Updated 2023-01-31 18:47:46

Source huntr.dev

View at NVD, CVE.org

Products affected by CVE-2023-0435

Pyload » Pyload
Versions up to, including, (<=) 0.4.20
cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	huntr.dev
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-1125 Excessive Attack Surface

The product has an attack surface whose quantitative measurement exceeds a desirable maximum.

Assigned by: security@huntr.dev (Secondary)

https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3

use patched MooTools-More.min.js for CVE-2021-20088 · pyload/pyload@431ea6f · GitHub
Patch;Third Party Advisory
https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d

Mootools-more 1.6.0 is use which is potential vulnerable to CVE-2021-20088 vulnerability found in pyload
Exploit;Patch;Third Party Advisory

Jump to