Which versions of Open Redirect are affected by CVE-2024-53995?

CVE-2024-53995 is a low-severity vulnerability in SickChill (CVSS 1.9). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Is there a public PoC exploit available for CVE-2024-53995?

Yes, a public proof-of-concept exploit is available for CVE-2024-53995. Prioritise patching immediately. EPSS: 1.2%.

How to fix or mitigate CVE-2024-53995?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Open Redirect CVE-2024-53995

Q: What is the CVSS score of CVE-2024-53995?

CVE-2024-53995 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 1.2%.

LOW

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2025-01-08 security-advisories@github.com

Open Redirect

1.9

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

1.9 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:02 vuln.today

CVE Published

Jan 08, 2025 - 21:15 nvd

LOW 1.9

DescriptionGitHub Advisory

SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next_ parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.

AnalysisAI

SickChill is an automatic video library manager for TV shows. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next_ parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.