Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
https://jvn.jp/en/jp/JVN45127776/
https://github.com/tornadoweb/tornado/releases/tag/v6.3.2
Created python-tornado tracking bugs for this issue:
Affects: epel-8 [bug 2210201]
Affects: fedora-37 [bug 2210202]
Affects: fedora-38 [bug 2210203]
Affects: openstack-rdo [bug 2210204]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6523 https://access.redhat.com/errata/RHSA-2023:6523