CVE-2024-53995

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53995
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53995.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53995
Aliases
Published
2025-01-08T20:44:53Z
Modified
2025-10-20T20:29:35.650215Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P
Summary
GHSL-2024-288: SickChill open redirect in login
Details

SickChill is an automatic video library manager for TV shows. The login endpoint's user-controlled next_ parameter accepts arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, resulting in an open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.

Database specific
{
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Git / github.com/sickchill/sickchill

Affected ranges

Type
GIT
Repo
https://github.com/sickchill/sickchill
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2022.*

2022.02.16
2022.02.17
2022.02.17-1
2022.02.17-2
2022.02.17-3
2022.02.20
2022.07.20
2022.10.13
2022.10.8
2022.7.0
2022.8.14
2022.8.15
2022.8.22
2022.8.22.74751
2022.8.29
2022.8.30
2022.9.14
2022.9.17
2022.9.22
2022.9.26
2022.9.28

2023.*

2023.1.2
2023.10.20
2023.10.20.1
2023.5.24
2023.5.28
2023.5.30
2023.6.27

2024.*

2024.1.31
2024.1.8
2024.1.8-1
2024.1.8-2
2024.1.8-3
2024.2.17
2024.2.18
2024.2.2
2024.2.20
2024.2.20.204434
2024.2.27
2024.3.1