HIGH 7.5 PyPI
GHSA-f7fv-v9rh-prvc · CVE-2012-2374, PYSEC-2012-5 Tornado CRLF injection vulnerability
수정: 2024. 11. 18.
package
PyPI / tornado
pkg:pypi/tornado
HIGH 7.2 PyPI
GHSA-fqwm-6jpj-5wxc · CVE-2026-35536 Tornado has cookie attribute injection via .RequestHandler.set_cookie
수정: 2026. 5. 11.
MEDIUM 6.1 PyPI
GHSA-hj3f-6gcp-jg8j · CVE-2023-28370, PYSEC-2023-75 Open redirect in Tornado
수정: 2025. 11. 4.
HIGH 7.5 PyPI
GHSA-qjxf-f2mg-c6mc · CVE-2026-31958, PYSEC-2026-140 Tornado is vulnerable to DoS due to too many multipart parts
수정: 2026. 6. 8.
MEDIUM PyPI
GHSA-qppv-j76h-2rpx Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
수정: 2024. 11. 28.
MEDIUM 6.5 PyPI
GHSA-w235-7p84-xx57 Tornado has a CRLF injection in CurlAsyncHTTPClient headers
수정: 2026. 2. 4.
— PyPI
PYSEC-2012-5 · CVE-2012-2374, GHSA-f7fv-v9rh-prvc 수정: 2024. 5. 1.
— PyPI
PYSEC-2020-213 · CVE-2014-9720, GHSA-8vpw-mgpf-mpvv 수정: 2024. 2. 1.
MEDIUM 5.3 PyPI
GHSA-753j-mpmx-qq6g Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
수정: 2026. 2. 4.
MEDIUM 5.4 PyPI
GHSA-78cv-mqj4-43f7 Tornado has incomplete validation of cookie attributes
수정: 2026. 3. 14.
HIGH 7.5 PyPI
GHSA-7cx3-6m66-7c5m · CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-8vpw-mgpf-mpvv · CVE-2014-9720, PYSEC-2020-213 Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
수정: 2024. 11. 13.
HIGH 7.5 PyPI
GHSA-8w49-h785-mj3c · CVE-2024-52804 Tornado has an HTTP cookie parsing DoS vulnerability
수정: 2026. 2. 4.
— PyPI
PYSEC-2023-75 · CVE-2023-28370, GHSA-hj3f-6gcp-jg8j 수정: 2023. 11. 8.
HIGH 7.5 PyPI
PYSEC-2026-140 · CVE-2026-31958, GHSA-qjxf-f2mg-c6mc 수정: 2026. 5. 20.