Search for vulnerabilities
Vulnerability details: VCID-9bab-qq7f-aaah
Vulnerability ID VCID-9bab-qq7f-aaah
Aliases CVE-2023-28370
GHSA-hj3f-6gcp-jg8j
PYSEC-2023-75
Summary Open redirect in Tornado
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00188 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00308 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.00652 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
epss 0.01284 https://api.first.org/data/v1/epss?cve=CVE-2023-28370
cvssv3.1 3.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
cvssv3.1 6.1 https://github.com/tornadoweb/tornado
generic_textual MODERATE https://github.com/tornadoweb/tornado
cvssv3.1 6.1 https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
generic_textual MODERATE https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
cvssv3.1 6.1 https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
generic_textual MODERATE https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
ssvc Track https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
cvssv3.1 6.1 https://jvn.jp/en/jp/JVN45127776
generic_textual MODERATE https://jvn.jp/en/jp/JVN45127776
cvssv3.1 6.1 https://jvn.jp/en/jp/JVN45127776/
ssvc Track https://jvn.jp/en/jp/JVN45127776/
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-28370
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-28370
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
https://api.first.org/data/v1/epss?cve=CVE-2023-28370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
https://github.com/tornadoweb/tornado
https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
https://jvn.jp/en/jp/JVN45127776
https://jvn.jp/en/jp/JVN45127776/
1036875 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875
2210199 https://bugzilla.redhat.com/show_bug.cgi?id=2210199
cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*
CVE-2023-28370 https://nvd.nist.gov/vuln/detail/CVE-2023-28370
GHSA-hj3f-6gcp-jg8j https://github.com/advisories/GHSA-hj3f-6gcp-jg8j
RHSA-2023:6523 https://access.redhat.com/errata/RHSA-2023:6523
USN-6159-1 https://usn.ubuntu.com/6159-1/
USN-7150-1 https://usn.ubuntu.com/7150-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/tornadoweb/tornado
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/ Found at https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://jvn.jp/en/jp/JVN45127776
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://jvn.jp/en/jp/JVN45127776/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/ Found at https://jvn.jp/en/jp/JVN45127776/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28370
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28370
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.44238
EPSS Score 0.00107
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.