Home > Vulnerability Database > CVE-2024-53995

Mend.io Vulnerability Database

CVE-2024-53995

Date: January 8, 2025

SickChill is an automatic video library manager for TV shows. A user-controlled "login" endpoint's "next_" parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to "settings.DEFAULT_PAGE" instead of to the "next" parameter.

Severity Score

3.5

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53995

Url: https://github.com/SickChill/sickchill/pull/8811

Url: https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33

Url: https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill

Url: https://github.com/SickChill/sickchill

Url: https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/

Url: https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82

Url: https://www.mend.io/vulnerability-database/CVE-2024-53995

Severity Score

3.5

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53995

Date: January 8, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?