Open Redirect Vulnerability in Tornado Web Framework
CVE-2023-28370
6.1MEDIUM
What is CVE-2023-28370?
An open redirect vulnerability discovered in Tornado versions 6.3.1 and earlier allows attackers to manipulate URL redirection. This poses a risk as malicious actors can reroute unsuspecting users to external sites via specially crafted URLs. Such an exploit can facilitate phishing attacks, leading users to potentially harmful or deceptive web pages without their knowledge. It is crucial for users of affected Tornado versions to apply the patches available in the latest releases to safeguard against these types of attacks.
Affected Version(s)
Tornado versions 6.3.1 and earlier
