PyPi: Tornado

CVE-2025-47287

Safety vulnerability ID: 77319

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 15, 2025 Updated at Jun 06, 2025
Scan your Python projects for vulnerabilities →

Advisory

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

Affected package

tornado

Latest version: 6.5.1

Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application