CVE-2023-28370
Description
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
CWE
- CWE-601 — CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Affected
- tornadoweb / Tornado — v=versions 6.3.1 and earlier [affected]
CVSS
- (none)
References
Source
cvelistV5-main/cves/2023/28xxx/CVE-2023-28370.json