PYSEC-2021-129

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

Tornado Environment Issue Vulnerability

Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long-time polling, WebSockets, and other applications that require long-term...