CVE-2024-24808: 
Python vulnerability analysis and mitigation

CVE-2024-24808 affects pyLoad (pyload-ng), an open-source Download Manager written in Python. The vulnerability was discovered and disclosed on February 5, 2024, affecting versions <= 0.5.0. This is an open redirect vulnerability that occurs due to incorrect validation of input values when redirecting users after login (GitHub Advisory).

The vulnerability exists in the get_redirect_url function where URLs are validated during user login redirections. The issue stems from improper validation in the is_safe_url function, which fails to properly validate URLs. When unusual URLs like 'https:///example.com' are entered, the urlparse function interprets it as a relative path, but during actual requests, it gets normalized to 'https://example.com', bypassing the intended security checks (GitHub Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Moderate) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N.

An attacker can exploit this vulnerability to redirect users to malicious websites, potentially facilitating phishing attacks and similar malicious activities. The vulnerability requires user interaction but can lead to unauthorized redirection to arbitrary domains (GitHub Advisory).

A fix has been implemented in commit fe94451, which modifies the URL validation logic in the is_safe_url function and updates the handling of redirect URLs (GitHub Commit). However, no official patched version has been released yet.