VYPR

rpm package

suse/python-tornado&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

pkg:rpm/suse/python-tornado&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Vulnerabilities (4)

  • CVE-2026-31958HigMar 11, 2026
    affected < 4.5.3-150000.3.19.1fixed 4.5.3-150000.3.19.1

    Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this cre

  • CVE-2025-67726Dec 12, 2025
    affected < 4.5.3-150000.3.13.1fixed 4.5.3-150000.3.13.1

    Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header va

  • CVE-2025-67725Dec 12, 2025
    affected < 4.5.3-150000.3.13.1fixed 4.5.3-150000.3.13.1

    Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using stri

  • CVE-2025-47287May 15, 2025
    affected < 4.5.3-150000.3.10.1fixed 4.5.3-150000.3.10.1

    Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high vo