Search CVE reports
1 – 7 of 7 results
Some fixes available 5 of 8
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows...
1 affected package
python-tornado
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | Fixed | Fixed | Ignored | Ignored |
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...
1 affected package
python-tornado
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | Fixed | Fixed | Fixed | Fixed |
Some fixes available 5 of 11
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
2 affected packages
python-tornado, salt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | Not affected | Fixed | Fixed | Fixed |
| salt | Not in release | Needs evaluation | Not in release | Needs evaluation |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 instead of this candidate....
2 affected packages
python-tornado, python-tornado4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | — | — | Vulnerable | Vulnerable |
| python-tornado4 | — | — | Vulnerable | Not in release |
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of...
1 affected package
python-tornado
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | — | — | — | Not affected |
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, w3af, linkchecker, python-tornado, python-urllib3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release |
| linkchecker | Not affected | Not affected | Not in release | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected |
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
1 affected package
python-tornado
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | — | — | — | — |