GHSA-QPPV-J76H-2RPX Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Summary Tornado interprets -, +, and in chunk length and Content-Length values, which are not allowed by the HTTP RFCs. This can result in request smuggling when Tornado is deployed behind certain proxies that interpret those non-standard characters differently. This is known to apply to older...