Seal Security

CVE-2023-28370

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

Score Vector

Affected Versions

tornado < 6.3.2

Severity

Ecosystem

Python

Publish Date

May 25, 2023

Modified Date

November 7, 2023