CVE-2024-21644

HIGH

CVSS v3

7.5

HIGH

EPSS Score

86.5%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.

Technical Details

Published
1/8/2024

Frequently Asked Questions

What is CVE-2024-21644?

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.

Is CVE-2024-21644 actively exploited?

Active exploitation of CVE-2024-21644 has not been confirmed. The EPSS score is 86.5%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-21644?

CVE-2024-21644 has a CVSS v3 base score of 7.5 (HIGH severity).

Is CVE-2024-21644 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.