Hugging Face's logo

Spaces:
Pingsz
/
open-envs
Running

App Files Community
open-envs / data /cve_cache /PyPI__tornado.json
user.email
Align submission flow and deployment
a17ec91
raw
history blame contribute delete
2.35 kB
[
 {
 "cve_id": "GHSA-753j-mpmx-qq6g",
 "osv_id": "GHSA-753j-mpmx-qq6g",
 "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado",
 "cvss_score": 8.0,
 "severity": "HIGH",
 "fixed_version": "6.4.1",
 "published": "2024-06-06T21:41:20Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "GHSA-78cv-mqj4-43f7",
 "osv_id": "GHSA-78cv-mqj4-43f7",
 "summary": "Tornado has incomplete validation of cookie attributes",
 "cvss_score": 8.0,
 "severity": "HIGH",
 "fixed_version": "6.5.5",
 "published": "2026-03-11T22:17:00Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "CVE-2025-47287",
 "osv_id": "GHSA-7cx3-6m66-7c5m",
 "summary": "Tornado vulnerable to excessive logging caused by malformed multipart form data",
 "cvss_score": 9.5,
 "severity": "CRITICAL",
 "fixed_version": "6.5",
 "published": "2025-05-16T14:12:40Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "CVE-2024-52804",
 "osv_id": "GHSA-8w49-h785-mj3c",
 "summary": "Tornado has an HTTP cookie parsing DoS vulnerability",
 "cvss_score": 9.5,
 "severity": "CRITICAL",
 "fixed_version": "6.4.2",
 "published": "2024-11-22T20:26:41Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "CVE-2026-35536",
 "osv_id": "GHSA-fqwm-6jpj-5wxc",
 "summary": "Tornado has cookie attribute injection via .RequestHandler.set_cookie",
 "cvss_score": 8.0,
 "severity": "HIGH",
 "fixed_version": "6.5.5",
 "published": "2026-04-03T06:31:31Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "CVE-2026-31958",
 "osv_id": "GHSA-qjxf-f2mg-c6mc",
 "summary": "Tornado is vulnerable to DoS due to too many multipart parts",
 "cvss_score": 9.5,
 "severity": "CRITICAL",
 "fixed_version": "6.5.5",
 "published": "2026-03-12T14:19:52Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 },
 {
 "cve_id": "GHSA-w235-7p84-xx57",
 "osv_id": "GHSA-w235-7p84-xx57",
 "summary": "Tornado has a CRLF injection in CurlAsyncHTTPClient headers",
 "cvss_score": 8.0,
 "severity": "HIGH",
 "fixed_version": "6.4.1",
 "published": "2024-06-06T21:46:31Z",
 "ecosystem": "PyPI",
 "package": "tornado"
 }
]