Open redirect in Tornado
Moderate severity
GitHub Reviewed
Published
May 25, 2023
to the GitHub Advisory Database
•
Updated Nov 12, 2023
Description
Published by the National Vulnerability Database
May 25, 2023
Published to the GitHub Advisory Database
May 25, 2023
Reviewed
May 25, 2023
Last updated
Nov 12, 2023
Credits
-
christian-ruiz Analyst
-
bdarnell Analyst
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
References