7 matches found
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-017333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017333 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...
CVE-2025-47287
Summary: CVE-2025-47287 affects Tornado (Python Tornado) where the multipart/form-data parser can log an excessive amount of messages and continue parsing, causing a DoS due to synchronous logging. All versions prior to 6.5.0 are affected; a patch is available in Tornado 6.5.0/6.50. Affects: Torn...
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
Tornado Environment Issue Vulnerability
Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long-time polling, WebSockets, and other applications that require long-term...