RansomLook Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
Vulnerability
A vulnerability exists in RansomLook versions prior to 1.9.0, where the API improperly filters private location entries. The issue arises in 'website/web/api/genericapi.py', where the code removes items from a list while iterating over it. Removing an element shifts the remaining elements while the iteration continues from the next position, so the entry immediately after a removed one is never examined. As a result, entries designated as private may remain in API responses, leading to unauthorized exposure of non-public location data.
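The following added example (not RansomLook's own code) reproduces the remove-while-iterating pattern described above next to a corrected filter, plus a check that can be used as a regression test. The `private` flag, the `slug` field and all function names are assumptions made for illustration.

```python
# Constructed sample data; the "private" flag and field names are assumptions,
# not RansomLook's actual schema.
SAMPLE_LOCATIONS = [
    {"slug": "site-a", "private": False},
    {"slug": "site-b", "private": True},
    {"slug": "site-c", "private": True},   # directly follows another private entry
    {"slug": "site-d", "private": False},
    {"slug": "site-e", "private": True},
]


def filter_private_buggy(locations):
    """Flawed pattern: mutate the list that the for loop is walking."""
    result = list(locations)  # copy so the sample data stays intact
    for entry in result:
        if entry["private"]:
            # remove() shifts later items left, but the loop index still
            # advances, so the item right after a removed one is never checked.
            result.remove(entry)
    return result


def filter_private_fixed(locations):
    """Build a new list instead of mutating during iteration."""
    return [entry for entry in locations if not entry["private"]]


def leaked_private(filtered):
    """Regression check: slugs of private entries still present in a response."""
    return [entry["slug"] for entry in filtered if entry["private"]]


if __name__ == "__main__":
    print("buggy leaks:", leaked_private(filter_private_buggy(SAMPLE_LOCATIONS)))
    print("fixed leaks:", leaked_private(filter_private_fixed(SAMPLE_LOCATIONS)))
```

Only private entries that directly follow another removed entry survive the flawed loop, which is why this kind of bug can pass tests whose fixtures never place two private entries next to each other.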
Impact
This vulnerability allows for the unauthorized disclosure of sensitive location information that is meant to be private.
Remediation
Users can upgrade to RansomLook version 1.9.0 or later to address this vulnerability.
Added: Apr 21, 2026, 6:10 PM
Updated: Apr 21, 2026, 6:10 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 4.2
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
