CVE-2024-53995
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53995
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53995.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53995
- Aliases
- Published
- 2025-01-08T21:15:12Z
- Modified
- 2025-01-09T07:51:21.701814Z
- Summary
- [none]
- Details
-
SickChill is an automatic video library manager for TV shows. A user-controlled
loginendpoint'snext_parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect tosettings.DEFAULT_PAGEinstead of to thenextparameter. - References
-
- https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/
- https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
- https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
- https://github.com/SickChill/sickchill/pull/8811
Affected packages
Git / github.com/sickchill/sickchill
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sickchill/sickchill
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2022.*
2022.02.16
2022.02.17
2022.02.17-1
2022.02.17-2
2022.02.17-3
2022.02.20
2022.07.20
2022.10.13
2022.10.8
2022.7.0
2022.8.14
2022.8.15
2022.8.22
2022.8.22.74751
2022.8.29
2022.8.30
2022.9.14
2022.9.17
2022.9.22
2022.9.26
2022.9.28
2023.*
2023.1.2
2023.10.20
2023.10.20.1
2023.5.24
2023.5.28
2023.5.30
2023.6.27
2024.*
2024.1.31
2024.1.8
2024.1.8-1
2024.1.8-2
2024.1.8-3
2024.2.17
2024.2.18
2024.2.2
2024.2.20
2024.2.20.204434
2024.2.27
2024.3.1