Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-tornado@6.4.2-1?distro=trixie
Typedeb
Namespacedebian
Namepython-tornado
Version6.4.2-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.4.2-2
Latest_non_vulnerable_version6.5.5-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3y8v-vsd8-ubba
vulnerability_id VCID-3y8v-vsd8-ubba
summary 
Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30697
published_at 2026-04-18T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30715
published_at 2026-04-16T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-13T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30737
published_at 2026-04-12T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30781
published_at 2026-04-11T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30778
published_at 2026-04-09T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30746
published_at 2026-04-08T12:55:00Z
7
value 0.00118
scoring_system epss
scoring_elements 0.30688
published_at 2026-04-07T12:55:00Z
8
value 0.00118
scoring_system epss
scoring_elements 0.30869
published_at 2026-04-04T12:55:00Z
9
value 0.00118
scoring_system epss
scoring_elements 0.3082
published_at 2026-04-02T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34762
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
7
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52804
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
reference_id 1088112
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088112
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
reference_id 2328045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328045
11
reference_url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
reference_id GHSA-7pwv-g7hj-39pr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:54:41Z/
url https://github.com/advisories/GHSA-7pwv-g7hj-39pr
12
reference_url https://github.com/advisories/GHSA-8w49-h785-mj3c
reference_id GHSA-8w49-h785-mj3c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w49-h785-mj3c
13
reference_url https://access.redhat.com/errata/RHSA-2024:10590
reference_id RHSA-2024:10590
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10590
14
reference_url https://access.redhat.com/errata/RHSA-2024:10836
reference_id RHSA-2024:10836
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10836
15
reference_url https://access.redhat.com/errata/RHSA-2024:10843
reference_id RHSA-2024:10843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10843
16
reference_url https://access.redhat.com/errata/RHSA-2025:2470
reference_id RHSA-2025:2470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2470
17
reference_url https://access.redhat.com/errata/RHSA-2025:2471
reference_id RHSA-2025:2471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2471
18
reference_url https://access.redhat.com/errata/RHSA-2025:2550
reference_id RHSA-2025:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2550
19
reference_url https://access.redhat.com/errata/RHSA-2025:2872
reference_id RHSA-2025:2872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2872
20
reference_url https://access.redhat.com/errata/RHSA-2025:2955
reference_id RHSA-2025:2955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2955
21
reference_url https://access.redhat.com/errata/RHSA-2025:2956
reference_id RHSA-2025:2956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2956
22
reference_url https://access.redhat.com/errata/RHSA-2025:3108
reference_id RHSA-2025:3108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3108
23
reference_url https://access.redhat.com/errata/RHSA-2025:3109
reference_id RHSA-2025:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3109
24
reference_url https://usn.ubuntu.com/7150-1/
reference_id USN-7150-1
reference_type
scores
url https://usn.ubuntu.com/7150-1/
fixed_packages
0
url pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.1.0-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.1.0-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-tornado@6.2.0-3%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.2.0-3%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/python-tornado@6.4.2-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-1%3Fdistro=trixie
5
url pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
purl pkg:deb/debian/python-tornado@6.4.2-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27x3-ch78-8ueh
1
vulnerability VCID-be89-uuxa-fyb5
2
vulnerability VCID-g13r-ansu-27av
3
vulnerability VCID-nq24-395d-wuar
4
vulnerability VCID-y1z8-z2f1-mqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-3%3Fdistro=trixie
6
url pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-be89-uuxa-fyb5
1
vulnerability VCID-nq24-395d-wuar
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.4-1%3Fdistro=trixie
7
url pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
purl pkg:deb/debian/python-tornado@6.5.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.5.5-1%3Fdistro=trixie
aliases CVE-2024-52804, GHSA-8w49-h785-mj3c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y8v-vsd8-ubba
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-tornado@6.4.2-1%3Fdistro=trixie