Search CVE reports



1 – 5 of 5 results


CVE-2024-52804

Medium priority
Fixed

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...

1 affected package

python-tornado

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-tornado | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2023-28370

Medium priority

Some fixes available 5 of 11

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.

2 affected packages

python-tornado, salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-tornado | Not affected | Fixed | Fixed | Fixed | Fixed |
| salt | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |

CVE-2014-9720

Low priority
Ignored

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of...

1 affected package

python-tornado

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado Not affected Not affected

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python2.7, python3.1, python3.2...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
| linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2012-2374

Medium priority
Fixed

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

1 affected package

python-tornado

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado