pkg:Debian/python-tornado

All known vulnerabilities

• HIGH7.5CVE-2026-31958Tornado is vulnerable to DoS due to too many multipart parts
  from 0, < 6.1.0-1+deb11u4
• HIGH7.5CVE-2025-67726Tornado is a Python web framework and asynchronous networking library.
  from 0, < 6.1.0-1+deb11u3
• HIGH7.5CVE-2025-67725Tornado is a Python web framework and asynchronous networking library.
  from 0, < 6.1.0-1+deb11u3
• HIGH7.5CVE-2025-47287Tornado vulnerable to excessive logging caused by malformed multipart form data
  from 0, < 6.2.0-3+deb12u2
• HIGH7.5CVE-2025-47287Tornado vulnerable to excessive logging caused by malformed multipart form data
  from 0, < 6.1.0-1+deb11u2
• HIGH7.5CVE-2025-47287Tornado vulnerable to excessive logging caused by malformed multipart form data
  from 0, < 6.1.0-1+deb11u2
• HIGH7.5CVE-2024-52804Tornado has an HTTP cookie parsing DoS vulnerability
  from 0, < 6.1.0-1+deb11u1
• HIGH7.5CVE-2012-2374Tornado CRLF injection vulnerability
  from 0, < 2.1.0-3
• HIGH7.2CVE-2026-35536Tornado has cookie attribute injection via .RequestHandler.set_cookie
  from 0, < 6.1.0-1+deb11u4
• MEDIUM6.5CVE-2014-9720Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
  from 0, < 2.3-2+deb7u1
• MEDIUM6.5CVE-2014-9720Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
  from 0, < 3.2.2-1
• MEDIUM6.5CVE-2014-9720Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
  from 0, < 1.0.1-1+deb6u1
• MEDIUM6.1CVE-2025-67724python-tornado - security update
  from 0, < 6.1.0-1+deb11u3
• MEDIUM6.1CVE-2025-67724python-tornado - security update
  from 0, < 6.1.0-1+deb11u3
• MEDIUM6.1CVE-2023-28370Open redirect in Tornado
  from 0, < 6.1.0-1+deb11u1
• MEDIUM6.1CVE-2023-28370Open redirect in Tornado
  from 0, < 6.1.0-1+deb11u1
• —CVE-2013-2099bzr - security update
  from 0, < 2.4.1-3