tornado@5.1 vulnerabilities
Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
-
latest version
6.4.1
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
4 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the tornado package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Request Smuggling due to the handling of multiple How to fix HTTP Request Smuggling? Upgrade |
[,6.4.1)
|
tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') through the How to fix Improper Neutralization of CRLF Sequences ('CRLF Injection')? Upgrade |
[,6.4.1)
|
tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Request Smuggling via the Notes:
How to fix HTTP Request Smuggling? Upgrade |
[,6.3.3)
|
tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the Note: Exploiting this vulnerability is possible if Tornado is deployed behind certain proxies that interpret non-standard characters differently, such as older versions of haproxy. How to fix HTTP Request Smuggling? Upgrade |
[,6.3.3)
|
tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Open Redirect via the Note: This vulnerability is still under analysis and we are following up with the maintainers to confirm it. How to fix Open Redirect? Upgrade |
[,6.3.2)
|