PT-2025-3012 · Sickchill · Sickchill

Author: Sylwia Budzynska
Published: 2025-01-08 · Updated: 2025-11-29
CVE-2024-53995
CVSS v4.0: 4.8 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions: SickChill versions prior to commit c7128a8946c3701df95c285810eb75b2de18bf82
Description: The issue is an open redirect in the login endpoint of SickChill, an automatic video library manager for TV shows. The login endpoint's user-controlled next parameter accepts arbitrary content, allowing an authenticated attacker to redirect the user to an arbitrary destination, because the login page redirects to whatever next contains. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes this behavior so that the login page redirects to settings.DEFAULT_PAGE instead.
Recommendations: For versions prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, update to a version that includes that commit to resolve the issue. As a temporary workaround, consider restricting access to the login endpoint or disabling the next parameter to reduce the risk of exploitation.
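As an added example (not SickChill's code), the Python below shows the kind of check a login handler can apply to a next parameter before redirecting: anything that is not a plain same-site path falls back to a default page, which is also the effect of the fix described above, where the login page always redirects to settings.DEFAULT_PAGE. The DEFAULT_PAGE value and the sample inputs are constructed for this example.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed fallback target for this example (SickChill's own default is not
# reproduced here); the advisory's fix always redirects to such a default.
DEFAULT_PAGE = "/home"


def safe_next(next_param: Optional[str], default: str = DEFAULT_PAGE) -> str:
    """Return a redirect target that stays on this site, or the default page."""
    if not next_param:
        return default
    # Browsers turn backslashes into slashes and strip some control characters,
    # so a lenient parser can be fooled; reject such input rather than guess.
    if "\\" in next_param or not next_param.isprintable():
        return default
    parts = urlsplit(next_param)
    # A scheme ("https:", "javascript:") or an authority ("//evil.example")
    # means the target is not a relative path on this application.
    if parts.scheme or parts.netloc:
        return default
    # urlsplit swallows an empty authority, so "////host" arrives as the path
    # "//host", which browsers resolve as a host; insist on exactly one slash.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    # Keep path and query, drop the fragment (never sent to the server anyway).
    return urlunsplit(("", "", parts.path, parts.query, ""))


# Constructed sample values a login endpoint might receive in "next".
SAMPLES = {
    "/history?limit=10#top": "/history?limit=10",
    "//evil.example/phish": DEFAULT_PAGE,
    "////evil.example/phish": DEFAULT_PAGE,
    "https://evil.example/phish": DEFAULT_PAGE,
    "/\\evil.example": DEFAULT_PAGE,
    "javascript:alert(1)": DEFAULT_PAGE,
    "": DEFAULT_PAGE,
}


def check_samples() -> dict:
    """Run every sample through safe_next; returns {input: chosen target}."""
    return {value: safe_next(value) for value in SAMPLES}


if __name__ == "__main__":
    for value, target in check_samples().items():
        print(f"{value!r:30} -> {target}")
```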

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2024-53995, GHSA-6GF2-FFQ8-GCWW

Affected Products: Sickchill