Workflow

Tornado

Latest version: v6.4.2

Vulnerabilities (8)

CVE/PVE Vulnerability ID Advisory Affected versions Severity Severity Score
CVE-2024-52804 74439

Tornado web framework affected versions contain a performance vulnera…
  • <6.4.2
 - -
PVE-2024-71956 71956

Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to …
  • <6.4.1
 - -
PVE-2024-71957 71957

When Tornado receives a request with two Transfer-Encoding: chunked h…
  • <=6.4.0
 - -
PVE-2023-99925 61949

Summary: Tornado's interpretation of symbols `-`, `+`, and `_` within…
  • <6.3.3
 - -
CVE-2023-28370 59071

Tornado 6.3.2 includes a fix for CVE-2023-28370: Open redirect vulner…
  • <6.3.2
 MEDIUM 6.1
PVE-2023-99976 60832

The versions of Tornado from v3.1.0 to v4.2.0 contain a path traversa…
  • >=3.1.0,<4.2.1
 - -
CVE-2012-2374 26161

CRLF injection vulnerability in the tornado.web.RequestHandler.set_he…
  • <2.2.1
 MEDIUM 5.0
CVE-2014-9720 54090

Tornado before 3.2.2 sends arbitrary responses that contain a fixed C…
  • >=0,<3.2.2
 MEDIUM 6.5