rpm package
suse/python-tornado&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
pkg:rpm/suse/python-tornado&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31958 | High | 7.5 | | < 4.5.3-150000.3.19.1 | 4.5.3-150000.3.19.1 | Mar 11, 2026 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this cre |
| CVE-2025-67726 | — | | | < 4.5.3-150000.3.13.1 | 4.5.3-150000.3.13.1 | Dec 12, 2025 | Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header va |
| CVE-2025-67725 | — | | | < 4.5.3-150000.3.13.1 | 4.5.3-150000.3.13.1 | Dec 12, 2025 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using stri |