Explore top 10 tips to secure your open-source projects now. Read More
×
Tornado could be made to redirect users to arbitrary web site if it opened a
specially crafted URL.
Software Description:
- python-tornado: scalable, non-blocking web server and tools - documentation
Details:
It was discovered that Tornado incorrectly handled certain redirect.
An remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having user access a
specially crafted URL.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-tornado 6.2.0-3ubuntu0.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): python-tornado 4.2.1-1ubuntu3.1+esm1 python3-tornado 4.2.1-1ubuntu3.1+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6159-1
CVE-2023-28370
Get the latest Linux and open source security news straight to your inbox.