Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

GHSA-25pw-q952-x37g

Published Oct 28, 2024 · Modified Nov 28, 2024

Description

This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references.

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

Ready to move

Free, no credit card | First findings in minutes