CVE-2024-53995

N/A Unknown
Published: January 08, 2025 Modified: April 15, 2026
View on NVD

Description

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
Source: security-advisories@github.com
https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
Source: security-advisories@github.com
https://github.com/SickChill/sickchill/pull/8811
Source: security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/
Source: security-advisories@github.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.2%
79th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-601

Related CVEs

CVE-2026-35548 N/A
CVE-2026-6862 5.5
CVE-2026-6861 6.1
CVE-2026-6859 8.8
CVE-2026-6356 9.6