GHSA-6gf2-ffq8-gcww

Source
https://github.com/advisories/GHSA-6gf2-ffq8-gcww
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-6gf2-ffq8-gcww/GHSA-6gf2-ffq8-gcww.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6gf2-ffq8-gcww
Aliases
Published
2025-01-08T22:03:58Z
Modified
2025-01-08T22:27:19.181215Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P
Summary
GHSL-2024-288: SickChill open redirect in login
Details

SickChill is an automatic video library manager for TV shows. The login endpoint's user-controlled next_ parameter accepts arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, resulting in an open redirect (CWE-601). Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.
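To make the mitigation concrete, the following is an added example, not SickChill's own code: it contrasts the pre-fix behaviour of trusting next_ as given, the advisory's fix of always redirecting to the default page, and a more general allowlist check that keeps next_ only when it resolves to a path on the application itself. The allowlist variant goes beyond what the advisory describes; DEFAULT_PAGE, the function names and the sample inputs are assumptions.

```python
"""Handling of a login "next" parameter (added example; not SickChill code).

The advisory's fix ignores next_ and always redirects to settings.DEFAULT_PAGE.
The allowlisted variant below is the general form: honour next_ only when it is
an absolute path on this application, otherwise fall back to the default page.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PAGE = "/home"  # assumed stand-in for settings.DEFAULT_PAGE


def is_local_path(target: str) -> bool:
    """Return True only for an absolute path on this application (no scheme, no host)."""
    if not target:
        return False
    parts = urlsplit(target)
    # Any scheme ("https:", "javascript:") or network location is an off-site destination.
    if parts.scheme or parts.netloc:
        return False
    # Must start with exactly one slash: "//host" is scheme-relative, and
    # "/\host" is treated like "//host" by some browsers.
    if not target.startswith("/") or target.startswith(("//", "/\\")):
        return False
    # Control characters and backslashes can confuse URL parsing; reject them outright.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    return True


def redirect_target_vulnerable(next_param: Optional[str]) -> str:
    """Pre-fix behaviour described in the advisory: next_ is trusted as given."""
    return next_param or DEFAULT_PAGE


def redirect_target_fixed(next_param: Optional[str]) -> str:
    """Behaviour of the fix described in the advisory: always the default page."""
    return DEFAULT_PAGE


def redirect_target_allowlisted(next_param: Optional[str]) -> str:
    """Generalisation: keep next_ only when it is a same-site path."""
    if next_param and is_local_path(next_param):
        # Rebuild from components so only path, query and fragment survive.
        parts = urlsplit(next_param)
        return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
    return DEFAULT_PAGE


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate same-site path and several off-site forms.
    for sample in ["/history?limit=5", "https://evil.example/", "//evil.example/",
                   "/\\evil.example", "javascript:alert(1)", None]:
        print(repr(sample), "->", redirect_target_allowlisted(sample))
```

The scheme-relative and backslash cases are the ones a naive "starts with a slash" check misses, which is why the allowlist rejects anything that is not a single leading slash followed by ordinary path characters.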

Database specific
{
    "nvd_published_at": "2025-01-08T21:15:12Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-08T22:03:58Z"
}
References

Affected packages

Package
PyPI / sickchill

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
2024.3.1

Affected versions

2020.*

2020.9.7.post3
2020.9.7.post4
2020.9.8.post1
2020.9.9.post1
2020.9.9.post2
2020.9.10.post3
2020.9.11.post2
2020.9.11.post3
2020.9.12.post1
2020.9.12.post2
2020.9.13.post1
2020.9.16.post2
2020.9.16.post3
2020.9.20.post2
2020.9.20.post5
2020.9.20.post6
2020.9.20.post7
2020.9.21.post1
2020.9.21.post2
2020.9.22.post1
2020.9.22.post2
2020.9.22.post3
2020.9.22.post4
2020.9.22.post5
2020.9.23.post1
2020.9.23.post2
2020.9.24.post3
2020.9.26.post1
2020.9.28.post1
2020.9.28.post2
2020.10.22.post2
2020.11.16.post1
2020.11.24.post1

2021.*

2021.2.2.post3
2021.2.5.post1
2021.2.13.post1
2021.2.14.post1
2021.2.15.post1
2021.2.15.post2
2021.2.15.post3
2021.2.17.post1
2021.3.7.post1
2021.3.7.post2
2021.3.10.post1
2021.3.28.post3
2021.4.5.post1
2021.4.6
2021.4.6-1
2021.4.6.post2
2021.4.6.post3
2021.4.6.post4
2021.4.10
2021.5.6-1
2021.5.10
2021.5.10-1
2021.6.16
2021.7.12-2
2021.7.12-4
2021.7.12-6
2021.7.13-1
2021.7.13-2
2021.7.13-3
2021.7.13-4
2021.7.14-1
2021.7.14-8
2021.7.22-5
2021.7.22-8
2021.7.23
2021.7.23-1
2021.11.7
2021.11.10

2022.*

2022.2.16
2022.2.17
2022.2.17.post1
2022.2.17.post2
2022.2.17.post3
2022.2.20
2022.7.20
2022.8.14
2022.8.15
2022.8.22
2022.8.29
2022.9.14
2022.9.17
2022.9.22
2022.9.26
2022.9.28
2022.10.8
2022.10.13

2023.*

2023.1.2
2023.5.24
2023.5.28
2023.5.30
2023.6.27

2024.*

2024.1.8
2024.1.8.post1
2024.1.8.post3
2024.1.31
2024.2.2
2024.2.17
2024.2.18
2024.2.20
2024.2.20.204434
2024.2.27
2024.3.1