5 matches found
Updated python-tornado packages fix security vulnerabilities
Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
PT-2022-22498 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A problematic issue has been found in the Human Resource Management System, affecting an unknown part of the Leave Handler component. The manipulation of the Reason argument leads to...