How severe is CVE-2024-21645?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-21645?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-21645

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-74

View all →

Vulnerability Description

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

CVE-2010-4658

MEDIUM

CVSS:5.3(Medium)

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

CWE-742010

CVE-2011-3624

MEDIUM

CVSS:5.3(Medium)

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote a...

CWE-742011

CVE-2013-4578

MEDIUM

CVSS:5.3(Medium)

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fil...

CWE-742013

CVE-2013-7324

MEDIUM

CVSS:5.3(Medium)

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...

CWE-742013