Open Redirect Vulnerability in Tornado Web Framework
CVE-2023-28370

6.1 MEDIUM

Key Information:

Vendor: Tornadoweb

Status
Vendor
CVE Published: 25 May 2023

What is CVE-2023-28370?

An open redirect vulnerability discovered in Tornado versions 6.3.1 and earlier allows attackers to manipulate URL redirection. This poses a risk as malicious actors can reroute unsuspecting users to external sites via specially crafted URLs. Such an exploit can facilitate phishing attacks, leading users to potentially harmful or deceptive web pages without their knowledge. It is crucial for users of affected Tornado versions to apply the patches available in the latest releases to safeguard against these types of attacks.

Affected Version(s)

Tornado versions 6.3.1 and earlier

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
