Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/tornado@6.4.2
Typepypi
Namespace
Nametornado
Version6.4.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.5.5
Latest_non_vulnerable_version6.5.5
Affected_by_vulnerabilities
0
url VCID-62bx-a5uf-j3b4
vulnerability_id VCID-62bx-a5uf-j3b4
summary 
Tornado vulnerable to excessive logging caused by malformed multipart form data
### Summary

When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

### Affected versions

All versions of Tornado prior to 6.5 are affected. The vulnerable parser is enabled by default.

### Solution

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
reference_id
reference_type
scores
0
value 0.01164
scoring_system epss
scoring_elements 0.78668
published_at 2026-04-24T12:55:00Z
1
value 0.01164
scoring_system epss
scoring_elements 0.78638
published_at 2026-04-21T12:55:00Z
2
value 0.01164
scoring_system epss
scoring_elements 0.78641
published_at 2026-04-18T12:55:00Z
3
value 0.01164
scoring_system epss
scoring_elements 0.78643
published_at 2026-04-16T12:55:00Z
4
value 0.01164
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-13T12:55:00Z
5
value 0.01164
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-12T12:55:00Z
6
value 0.01164
scoring_system epss
scoring_elements 0.7864
published_at 2026-04-11T12:55:00Z
7
value 0.01164
scoring_system epss
scoring_elements 0.78616
published_at 2026-04-09T12:55:00Z
8
value 0.01164
scoring_system epss
scoring_elements 0.78609
published_at 2026-04-08T12:55:00Z
9
value 0.01164
scoring_system epss
scoring_elements 0.78603
published_at 2026-04-04T12:55:00Z
10
value 0.01164
scoring_system epss
scoring_elements 0.78571
published_at 2026-04-02T12:55:00Z
11
value 0.01164
scoring_system epss
scoring_elements 0.78584
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
reference_id 1105886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
reference_id 2366703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
11
reference_url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
reference_id GHSA-7cx3-6m66-7c5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
12
reference_url https://access.redhat.com/errata/RHSA-2025:8135
reference_id RHSA-2025:8135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8135
13
reference_url https://access.redhat.com/errata/RHSA-2025:8136
reference_id RHSA-2025:8136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8136
14
reference_url https://access.redhat.com/errata/RHSA-2025:8223
reference_id RHSA-2025:8223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8223
15
reference_url https://access.redhat.com/errata/RHSA-2025:8226
reference_id RHSA-2025:8226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8226
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
18
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
19
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
20
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
21
reference_url https://access.redhat.com/errata/RHSA-2025:8664
reference_id RHSA-2025:8664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8664
22
reference_url https://usn.ubuntu.com/7547-1/
reference_id USN-7547-1
reference_type
scores
url https://usn.ubuntu.com/7547-1/
fixed_packages
0
url pkg:pypi/tornado@6.5
purl pkg:pypi/tornado@6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-jbwv-ayru-8fgm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5
aliases CVE-2025-47287, GHSA-7cx3-6m66-7c5m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62bx-a5uf-j3b4
1
url VCID-be89-uuxa-fyb5
vulnerability_id VCID-be89-uuxa-fyb5
summary 
Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. 

Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08476
published_at 2026-04-11T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08482
published_at 2026-04-09T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08464
published_at 2026-04-08T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08392
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08472
published_at 2026-04-04T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-02T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09383
published_at 2026-04-24T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09304
published_at 2026-04-12T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.0929
published_at 2026-04-13T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.09182
published_at 2026-04-16T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.09181
published_at 2026-04-18T12:55:00Z
11
value 0.00032
scoring_system epss
scoring_elements 0.09332
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31958
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839
6
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
7
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:55:43Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc
8
reference_url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31958
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
reference_id 1130507
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
reference_id 2446765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446765
12
reference_url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
reference_id GHSA-qjxf-f2mg-c6mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjxf-f2mg-c6mc
13
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
14
reference_url https://access.redhat.com/errata/RHSA-2026:8093
reference_id RHSA-2026:8093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8093
fixed_packages
0
url pkg:pypi/tornado@6.5.5
purl pkg:pypi/tornado@6.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5.5
aliases CVE-2026-31958, GHSA-qjxf-f2mg-c6mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be89-uuxa-fyb5
2
url VCID-jbwv-ayru-8fgm
vulnerability_id VCID-jbwv-ayru-8fgm
summary 
Tornado has incomplete validation of cookie attributes
Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes.
references
0
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
1
reference_url https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104
2
reference_url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/releases/tag/v6.5.5
3
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7
4
reference_url https://github.com/advisories/GHSA-78cv-mqj4-43f7
reference_id GHSA-78cv-mqj4-43f7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78cv-mqj4-43f7
fixed_packages
0
url pkg:pypi/tornado@6.5.5
purl pkg:pypi/tornado@6.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5.5
aliases GHSA-78cv-mqj4-43f7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbwv-ayru-8fgm
Fixing_vulnerabilities
0
url VCID-3y8v-vsd8-ubba
vulnerability_id VCID-3y8v-vsd8-ubba
summary 
Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30869
published_at 2026-04-04T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30688
published_at 2026-04-07T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.3082
published_at 2026-04-02T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30697
published_at 2026-04-18T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30715
published_at 2026-04-16T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-13T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30737
published_at 2026-04-12T12:55:00Z
7
value 0.00118
scoring_system epss
scoring_elements 0.30781
published_at 2026-04-11T12:55:00Z
8
value 0.00118
scoring_system epss
scoring_elements 0.30778
published_at 2026-04-09T12:55:00Z
9
value 0.00118
scoring_system epss
scoring_elements 0.30746
published_at 2026-04-08T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34762
published_at 2026-04-21T12:55:00Z
11
value 0.00145
scoring_system epss
scoring_elements 0.34525
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
7
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
reference_id 1088112
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
reference_id 2328045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
11
reference_url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
reference_id GHSA-7pwv-g7hj-39pr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
12
reference_url https://github.com/advisories/GHSA-8w49-h785-mj3c
reference_id GHSA-8w49-h785-mj3c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w49-h785-mj3c
13
reference_url https://access.redhat.com/errata/RHSA-2024:10590
reference_id RHSA-2024:10590
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10590
14
reference_url https://access.redhat.com/errata/RHSA-2024:10836
reference_id RHSA-2024:10836
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10836
15
reference_url https://access.redhat.com/errata/RHSA-2024:10843
reference_id RHSA-2024:10843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10843
16
reference_url https://access.redhat.com/errata/RHSA-2025:2470
reference_id RHSA-2025:2470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2470
17
reference_url https://access.redhat.com/errata/RHSA-2025:2471
reference_id RHSA-2025:2471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2471
18
reference_url https://access.redhat.com/errata/RHSA-2025:2550
reference_id RHSA-2025:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2550
19
reference_url https://access.redhat.com/errata/RHSA-2025:2872
reference_id RHSA-2025:2872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2872
20
reference_url https://access.redhat.com/errata/RHSA-2025:2955
reference_id RHSA-2025:2955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2955
21
reference_url https://access.redhat.com/errata/RHSA-2025:2956
reference_id RHSA-2025:2956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2956
22
reference_url https://access.redhat.com/errata/RHSA-2025:3108
reference_id RHSA-2025:3108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3108
23
reference_url https://access.redhat.com/errata/RHSA-2025:3109
reference_id RHSA-2025:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3109
24
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:pypi/tornado@6.4.2
purl pkg:pypi/tornado@6.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-62bx-a5uf-j3b4
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-jbwv-ayru-8fgm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.2
aliases CVE-2024-52804, GHSA-8w49-h785-mj3c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y8v-vsd8-ubba
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.2