漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
pyLoad: Path Traversal via Package Folder Name in set_package_data
Vulnerability Description
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary directories as download locations for a package. This vulnerability is fixed in 0.5.0b3.dev100.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
pyLoad 路径遍历漏洞
Vulnerability Description
pyLoad是pyLoad开源的一个用 Python 编写的免费开源下载管理器。 pyLoad 0.5.0b3.dev100之前版本存在路径遍历漏洞,该漏洞源于set_package_data() API函数中文件夹名称未经清理,可能导致具有Perms.MODIFY权限的用户指定任意目录作为包的下载位置。
CVSS Information
N/A
Vulnerability Type
N/A