Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
特殊元素净化处理不恰当
Vulnerability Title
Tornado 安全漏洞
Vulnerability Description
Tornado是中国龙卷风科技(Tornado)社区的一个Python Web框架和异步网络库。该库通过使用非阻塞网络I / O,可以扩展到成千上万的开放连接,使其非常适合 长时间轮询, WebSocket和其他需要与每个用户建立长期连接的应用程序。 Tornado 6.5.5之前版本存在安全漏洞,该漏洞源于未检查参数中的特制字符,可能导致Cookie属性注入。
CVSS Information
N/A
Vulnerability Type
N/A