PYSEC-2023-75 — Vulnetix

PYSEC-2023-75 PUBLISHED

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Affected Products

Vendor	Product	Versions
PyPI	tornado	0, 1.2, 1.2.1

Timeline

May 25, 2023 CVE Published
Nov 8, 2023 CVE Updated

References

https://jvn.jp/en/jp/JVN45127776/ url
https://github.com/tornadoweb/tornado/releases/tag/v6.3.2 fix

Open in Interactive Console →