7 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-017333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017333 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has...
Fedora: Security Advisory (FEDORA-2025-db6e9bb7fb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python-tornado security update
An update is available for python-tornado. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tornado is a Python web framework and asynchronous networking library...
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
Medium: python-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...
RHEL 9 : python-tornado (RHSA-2024:10843)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10843 advisory. Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and...
MGASA-2016-0418 Updated python-tornado package fixes security vulnerability
A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...