VYPR
High severityNVD Advisory· Published Jan 8, 2024· Updated Jun 17, 2025

pyLoad unauthenticated flask configuration leakage

CVE-2024-21644

Description

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pyload-ngPyPI
< 0.5.0b3.dev770.5.0b3.dev77

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.