Security Update Advisory for python pyload Package (CVE-2024-22416)
Overview
An update is available that fixes a vulnerability (CVE-2024-22416) in pyload, the open source download manager written in Python. Users of affected versions are advised to update to the latest version.
Affected Products
python pyload package, all versions up to and including 0.5.0b3.dev77
Resolved Vulnerabilities
Cross-Site Request Forgery (CSRF) on any API call, leading to administrator privilege escalation (CVE-2024-22416)
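The advisory names the class of bug but not the check that prevents it. The following added example (written for this advisory; it is not pyload's code and does not reproduce the project's actual fix in references [2] and [3]) contrasts a cookie-only authorisation check, which any cross-site request can satisfy because the browser attaches the session cookie automatically, with a check that additionally requires a per-session CSRF token and a trusted Origin or Referer header. The server secret, trusted origin, session id, header names and the request dictionaries are all constructed for the example; the API path is a placeholder, not a real pyload endpoint.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for the example; a real deployment keeps the secret out of source.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
TRUSTED_ORIGIN = "https://pyload.example.internal"


def make_csrf_token(session_id: str) -> str:
    """Derive a per-session CSRF token as HMAC-SHA256(secret, session_id).

    The token is tied to the session, so a forged request from another site,
    which cannot read the victim's page or cookies, cannot supply it.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Accept the request only if Origin (or, failing that, Referer) names the trusted origin.

    Requests with neither header are rejected rather than trusted by default.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == TRUSTED_ORIGIN


def cookie_only_authorises(request: dict) -> bool:
    """Vulnerable pattern: presence of the session cookie alone grants the API call.

    A form post or fetch issued from a page on another site carries the cookie too,
    so an authenticated administrator's browser can be made to perform the call.
    """
    return request["cookies"].get("session") is not None


def api_request_authorised(request: dict) -> bool:
    """Hardened pattern: session cookie AND matching CSRF token AND trusted Origin/Referer."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return False
    supplied = request["headers"].get("X-CSRF-Token", "")
    expected = make_csrf_token(session_id)
    # Constant-time comparison so token mismatch timing leaks nothing.
    if not hmac.compare_digest(supplied, expected):
        return False
    return origin_allowed(request["headers"])


# Constructed sample requests (not captured traffic).
SESSION_ID = "sess-7f3a"
API_PATH = "/api/example_admin_action"  # placeholder path, not a real pyload endpoint

# Request issued by the application's own page: same origin, token present.
LEGIT_REQUEST = {
    "method": "POST",
    "path": API_PATH,
    "headers": {"Origin": TRUSTED_ORIGIN, "X-CSRF-Token": make_csrf_token(SESSION_ID)},
    "cookies": {"session": SESSION_ID},
}

# Request triggered from a page on an unrelated site: the browser still attaches
# the session cookie, but the foreign page has no token and a different Origin.
CROSS_SITE_REQUEST = {
    "method": "POST",
    "path": API_PATH,
    "headers": {"Origin": "https://other-site.example"},
    "cookies": {"session": SESSION_ID},
}


if __name__ == "__main__":
    for name, req in (("legitimate", LEGIT_REQUEST), ("cross-site", CROSS_SITE_REQUEST)):
        print(f"{name:11s} cookie-only={cookie_only_authorises(req)} "
              f"hardened={api_request_authorised(req)}")
```

The cookie-only check accepts both requests; the hardened check accepts only the same-origin request carrying the session-bound token. Setting the session cookie with the `SameSite` attribute is a useful second layer, but the server-side token and origin check above do not depend on browser support for it.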
Vulnerability Patches
Vulnerability patches were made available in the January 18, 2024 update. Please follow the instructions at the referenced sites below to update to the patched version.
python pyload package version 0.5.0b3.dev78
Referenced Sites
[1] CVE-2024-22416 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22416#range-10267320
[2] fix GHSA-pgpj-v85q-h5fm security advisory
https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc
[3] fix GHSA-pgpj-v85q-h5fm security advisory (2)
https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e
[4] Cross-Site Request Forgery (CSRF) on any API call leading to admin privilege escalation
https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm