CVE-2023-28370

Published: May 25, 2023

Modified: Nov 3, 2025

PUBLISHED

Description

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Vendor	Product	Versions
tornadoweb	Tornado	affected `versions 6.3.1 and earlier`

References

https://github.com/tornadoweb/tornado/releases/tag/v6.3.2

https://jvn.jp/en/jp/JVN45127776/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-28370

Description

Affected Products

References