All vulnerabilities
CVE-2023-28370
Open redirect in Tornado
Description
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
6.1
Severity
Medium
Ecosystem
Python
Publish Date
May 25, 2023
Modified Date
June 10, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Versions

