VulnerableCode Package Details - pkg:pypi/tornado@6.4.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-hmev-s7nv-wub2 Aliases: CVE-2025-47287 GHSA-7cx3-6m66-7c5m	Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.	6.5.0 Affected by 0 other vulnerabilities. 6.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-hmev-s7nv-wub2
Aliases:
CVE-2025-47287
GHSA-7cx3-6m66-7c5m

Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.

6.5.0
Affected by 0 other vulnerabilities.

6.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1ucn-3yzf-73c1	Tornado has an HTTP cookie parsing DoS vulnerability	CVE-2024-52804 GHSA-8w49-h785-mj3c

Vulnerability

Summary

Aliases

VCID-1ucn-3yzf-73c1

Tornado has an HTTP cookie parsing DoS vulnerability

CVE-2024-52804
GHSA-8w49-h785-mj3c

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:21:36.477382+00:00	GitLab Importer	Affected by	VCID-hmev-s7nv-wub2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tornado/CVE-2025-47287.yml	36.1.3
2025-06-16T23:50:30.293693+00:00	GitLab Importer	Affected by	VCID-hmev-s7nv-wub2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tornado/CVE-2025-47287.yml	36.1.0
2024-12-23T03:17:18.718462+00:00	GitLab Importer	Fixing	VCID-1ucn-3yzf-73c1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tornado/CVE-2024-52804.yml	35.0.0
2024-11-23T16:25:39.383637+00:00	GithubOSV Importer	Fixing	VCID-1ucn-3yzf-73c1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-8w49-h785-mj3c/GHSA-8w49-h785-mj3c.json	35.0.0
2024-11-23T04:59:02.438521+00:00	GHSA Importer	Fixing	VCID-1ucn-3yzf-73c1	https://github.com/advisories/GHSA-8w49-h785-mj3c	35.0.0