rpm package
suse/python-tornado&distro=SUSE Manager Client Tools 12
pkg:rpm/suse/python-tornado&distro=SUSE%20Manager%20Client%20Tools%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-67726 | — | | | < 4.2.1-17.13.1 | 4.2.1-17.13.1 | Dec 12, 2025 | Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header va |
| CVE-2025-67725 | — | | | < 4.2.1-17.13.1 | 4.2.1-17.13.1 | Dec 12, 2025 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using stri |
| CVE-2025-47287 | — | | | < 4.2.1-17.10.1 | 4.2.1-17.10.1 | May 15, 2025 | Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high vo |
| CVE-2023-28370 | — | | | < 4.2.1-17.7.1 | 4.2.1-17.7.1 | May 25, 2023 | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. |