Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/76145?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/76145?format=api", "purl": "pkg:pypi/tornado@6.3", "type": "pypi", "namespace": "", "name": "tornado", "version": "6.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.5.5", "latest_non_vulnerable_version": "6.5.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21469?format=api", "vulnerability_id": "VCID-bgqs-ey1s-5fhn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3675", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36943", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36957", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36929", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52804" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112", "reference_id": "1088112", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328045", "reference_id": "2328045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328045" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533", "reference_id": "d5ba4a1695fbf7c6a3e54313262639b198291533", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/" } ], "url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533" }, { "reference_url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr", "reference_id": "GHSA-7pwv-g7hj-39pr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/" } ], "url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr" }, { "reference_url": "https://github.com/advisories/GHSA-8w49-h785-mj3c", "reference_id": "GHSA-8w49-h785-mj3c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w49-h785-mj3c" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c", "reference_id": "GHSA-8w49-h785-mj3c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10590", "reference_id": "RHSA-2024:10590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10836", "reference_id": "RHSA-2024:10836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10843", "reference_id": "RHSA-2024:10843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2470", "reference_id": "RHSA-2025:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2471", "reference_id": "RHSA-2025:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2550", "reference_id": "RHSA-2025:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2872", "reference_id": "RHSA-2025:2872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2955", "reference_id": "RHSA-2025:2955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2956", "reference_id": "RHSA-2025:2956", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2956" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3108", "reference_id": "RHSA-2025:3108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3109", "reference_id": "RHSA-2025:3109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3109" }, { "reference_url": "https://usn.ubuntu.com/7150-1/", "reference_id": "USN-7150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91204?format=api", "purl": "pkg:pypi/tornado@6.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-hewd-eun7-q7ab" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.2" } ], "aliases": [ "CVE-2024-52804", "GHSA-8w49-h785-mj3c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgqs-ey1s-5fhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360997?format=api", "vulnerability_id": "VCID-cqf7-yfwd-nfdy", "summary": "Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths\n## Summary\nTornado interprets `-`, `+`, and `_` in chunk length and `Content-Length` values, which are not allowed by the HTTP RFCs. This can result in request smuggling when Tornado is deployed behind certain proxies that interpret those non-standard characters differently. This is known to apply to older versions of haproxy, although the current release is not affected.\n\n## Details\nTornado uses the `int` constructor to parse the values of `Content-Length` headers and chunk lengths in the following locations:\n### `tornado/http1connection.py:445`\n```python3\n self._expected_content_remaining = int(headers[\"Content-Length\"])\n```\n### `tornado/http1connection.py:621`\n```python3\n content_length = int(headers[\"Content-Length\"]) # type: Optional[int]\n```\n### `tornado/http1connection.py:671`\n```python3\n chunk_len = int(chunk_len_str.strip(), 16)\n```\nBecause `int(\"0_0\") == int(\"+0\") == int(\"-0\") == int(\"0\")`, using the `int` constructor to parse and validate strings that should contain only ASCII digits is not a good strategy.", "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/b7a5dd29bb02950303ae96055082c12a1ea0a4fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/b7a5dd29bb02950303ae96055082c12a1ea0a4fe" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qppv-j76h-2rpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qppv-j76h-2rpx" }, { "reference_url": "https://github.com/advisories/GHSA-qppv-j76h-2rpx", "reference_id": "GHSA-qppv-j76h-2rpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qppv-j76h-2rpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91201?format=api", "purl": "pkg:pypi/tornado@6.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgqs-ey1s-5fhn" }, { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-hewd-eun7-q7ab" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-mpc3-phwa-47az" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" }, { "vulnerability": "VCID-zhjq-qmgr-qkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.3" } ], "aliases": [ "GHSA-qppv-j76h-2rpx", "GMS-2023-1908" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqf7-yfwd-nfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28448?format=api", "vulnerability_id": "VCID-f1ya-qesa-47eb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05255", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05254", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05263", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0527", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35536" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367", "reference_id": "1132367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454716", "reference_id": "2454716", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454716" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7", "reference_id": "GHSA-78cv-mqj4-43f7", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" }, { "reference_url": "https://github.com/advisories/GHSA-fqwm-6jpj-5wxc", "reference_id": "GHSA-fqwm-6jpj-5wxc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqwm-6jpj-5wxc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13641", "reference_id": "RHSA-2026:13641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13670", "reference_id": "RHSA-2026:13670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19034", "reference_id": "RHSA-2026:19034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19189", "reference_id": "RHSA-2026:19189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20572", "reference_id": "RHSA-2026:20572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20573", "reference_id": "RHSA-2026:20573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20577", "reference_id": "RHSA-2026:20577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20810", "reference_id": "RHSA-2026:20810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24342", "reference_id": "RHSA-2026:24342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24342" }, { "reference_url": "https://usn.ubuntu.com/8198-1/", "reference_id": "USN-8198-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8198-1/" }, { "reference_url": "https://usn.ubuntu.com/8198-2/", "reference_id": "USN-8198-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8198-2/" }, { "reference_url": "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "reference_id": "v6.5.5", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:12:08Z/" } ], "url": "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40846?format=api", "purl": "pkg:pypi/tornado@6.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5.5" } ], "aliases": [ "CVE-2026-35536", "GHSA-fqwm-6jpj-5wxc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1ya-qesa-47eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25406?format=api", "vulnerability_id": "VCID-hewd-eun7-q7ab", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01164", "scoring_system": "epss", "scoring_elements": "0.7903", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01164", "scoring_system": "epss", "scoring_elements": "0.79107", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01164", "scoring_system": "epss", "scoring_elements": "0.79109", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01164", "scoring_system": "epss", "scoring_elements": "0.79096", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47287", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47287" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886", "reference_id": "1105886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366703", "reference_id": "2366703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366703" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3", "reference_id": "b39b892bf78fe8fea01dd45199aa88307e7162f3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/" } ], "url": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3" }, { "reference_url": "https://github.com/advisories/GHSA-7cx3-6m66-7c5m", "reference_id": "GHSA-7cx3-6m66-7c5m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cx3-6m66-7c5m" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m", "reference_id": "GHSA-7cx3-6m66-7c5m", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8135", "reference_id": "RHSA-2025:8135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8136", "reference_id": "RHSA-2025:8136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8223", "reference_id": "RHSA-2025:8223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8226", "reference_id": "RHSA-2025:8226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8254", "reference_id": "RHSA-2025:8254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8279", "reference_id": "RHSA-2025:8279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8290", "reference_id": "RHSA-2025:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8291", "reference_id": "RHSA-2025:8291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8323", "reference_id": "RHSA-2025:8323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8664", "reference_id": "RHSA-2025:8664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8664" }, { "reference_url": "https://usn.ubuntu.com/7547-1/", "reference_id": "USN-7547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91206?format=api", "purl": "pkg:pypi/tornado@6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5" } ], "aliases": [ "CVE-2025-47287", "GHSA-7cx3-6m66-7c5m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hewd-eun7-q7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28135?format=api", "vulnerability_id": "VCID-jb5p-19p9-t7du", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08467", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08504", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08506", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31958" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31958" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2026-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2026-140.yaml" }, { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31958", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31958" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507", "reference_id": "1130507", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765", "reference_id": "2446765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446765" }, { "reference_url": "https://github.com/advisories/GHSA-qjxf-f2mg-c6mc", "reference_id": "GHSA-qjxf-f2mg-c6mc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjxf-f2mg-c6mc" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc", "reference_id": "GHSA-qjxf-f2mg-c6mc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:55:43Z/" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11454", "reference_id": "RHSA-2026:11454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11493", "reference_id": "RHSA-2026:11493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11494", "reference_id": "RHSA-2026:11494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11495", "reference_id": "RHSA-2026:11495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13641", "reference_id": "RHSA-2026:13641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13670", "reference_id": "RHSA-2026:13670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19034", "reference_id": "RHSA-2026:19034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19189", "reference_id": "RHSA-2026:19189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20572", "reference_id": "RHSA-2026:20572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20573", "reference_id": "RHSA-2026:20573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20577", "reference_id": "RHSA-2026:20577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20810", "reference_id": "RHSA-2026:20810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24342", "reference_id": "RHSA-2026:24342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24977", "reference_id": "RHSA-2026:24977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8093", "reference_id": "RHSA-2026:8093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8093" }, { "reference_url": "https://usn.ubuntu.com/8198-1/", "reference_id": "USN-8198-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8198-1/" }, { "reference_url": "https://usn.ubuntu.com/8198-2/", "reference_id": "USN-8198-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8198-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40846?format=api", "purl": "pkg:pypi/tornado@6.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5.5" } ], "aliases": [ "CVE-2026-31958", "GHSA-qjxf-f2mg-c6mc", "PYSEC-2026-140" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jb5p-19p9-t7du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212110?format=api", "vulnerability_id": "VCID-mpc3-phwa-47az", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado", "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/d65f6e71a77f53a1ff0a0dc55704be13f04eb572", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/d65f6e71a77f53a1ff0a0dc55704be13f04eb572" }, { "reference_url": "https://github.com/advisories/GHSA-753j-mpmx-qq6g", "reference_id": "GHSA-753j-mpmx-qq6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-753j-mpmx-qq6g" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-753j-mpmx-qq6g", "reference_id": "GHSA-753j-mpmx-qq6g", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-753j-mpmx-qq6g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32049?format=api", "purl": "pkg:pypi/tornado@6.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgqs-ey1s-5fhn" }, { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-hewd-eun7-q7ab" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.1" } ], "aliases": [ "GHSA-753j-mpmx-qq6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpc3-phwa-47az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15325?format=api", "vulnerability_id": "VCID-sgsh-jsn8-xygx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62991", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66506", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66494", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28370" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hj3f-6gcp-jg8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hj3f-6gcp-jg8j" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2023-75.yaml" }, { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f" }, { "reference_url": "https://jvn.jp/en/jp/JVN45127776", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN45127776" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875", "reference_id": "1036875", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036875" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210199", "reference_id": "2210199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210199" }, { "reference_url": "https://jvn.jp/en/jp/JVN45127776/", "reference_id": "JVN45127776", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/" } ], "url": "https://jvn.jp/en/jp/JVN45127776/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6523", "reference_id": "RHSA-2023:6523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6523" }, { "reference_url": "https://usn.ubuntu.com/6159-1/", "reference_id": "USN-6159-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6159-1/" }, { "reference_url": "https://usn.ubuntu.com/7150-1/", "reference_id": "USN-7150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7150-1/" }, { "reference_url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2", "reference_id": "v6.3.2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T15:19:04Z/" } ], "url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76147?format=api", "purl": "pkg:pypi/tornado@6.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgqs-ey1s-5fhn" }, { "vulnerability": "VCID-cqf7-yfwd-nfdy" }, { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-hewd-eun7-q7ab" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-mpc3-phwa-47az" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" }, { "vulnerability": "VCID-zhjq-qmgr-qkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.2" } ], "aliases": [ "CVE-2023-28370", "GHSA-hj3f-6gcp-jg8j", "PYSEC-2023-75" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgsh-jsn8-xygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212827?format=api", "vulnerability_id": "VCID-wjm5-ngw7-qbhd", "summary": "Tornado has incomplete validation of cookie attributes", "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104" }, { "reference_url": "https://github.com/advisories/GHSA-78cv-mqj4-43f7", "reference_id": "GHSA-78cv-mqj4-43f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78cv-mqj4-43f7" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7", "reference_id": "GHSA-78cv-mqj4-43f7", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40846?format=api", "purl": "pkg:pypi/tornado@6.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.5.5" } ], "aliases": [ "GHSA-78cv-mqj4-43f7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjm5-ngw7-qbhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212111?format=api", "vulnerability_id": "VCID-zhjq-qmgr-qkd7", "summary": "Tornado has a CRLF injection in CurlAsyncHTTPClient headers", "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/7786f09f84c9f3f2012c4cf3878417cb9f053669", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/7786f09f84c9f3f2012c4cf3878417cb9f053669" }, { "reference_url": "https://github.com/advisories/GHSA-w235-7p84-xx57", "reference_id": "GHSA-w235-7p84-xx57", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w235-7p84-xx57" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-w235-7p84-xx57", "reference_id": "GHSA-w235-7p84-xx57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-w235-7p84-xx57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32049?format=api", "purl": "pkg:pypi/tornado@6.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bgqs-ey1s-5fhn" }, { "vulnerability": "VCID-f1ya-qesa-47eb" }, { "vulnerability": "VCID-hewd-eun7-q7ab" }, { "vulnerability": "VCID-jb5p-19p9-t7du" }, { "vulnerability": "VCID-wjm5-ngw7-qbhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.1" } ], "aliases": [ "GHSA-w235-7p84-xx57" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhjq-qmgr-qkd7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3" }