Описание
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-tornado | fixed | 6.3.2-1 | package | |
| python-tornado | fixed | 6.2.0-3+deb12u1 | bookworm | package |
| python-tornado | no-dsa | buster | package | |
| salt | removed | package | ||
| salt | end-of-life | buster | package |
Примечания
https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2)
https://github.com/tornadoweb/tornado/commit/b56245730eb27e36da2ba9a2df3ad753649f8c2a (test case for fix)
EPSS
Связанные уязвимости
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
EPSS