VDB

GCVE-110-MAGEIA-2016-418

GCVE-110-MAGEIA-2016-418
Advisory Published
Vulnetix · Advisory published December 11, 2016
A difference in cookie parsing between Tornado and web browsers (especially when combined with Google Analytics) could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack.

Affected Products

VendorProductVersionsPlatforms
Mageiapython-tornado0 (affected), 3.2.2-4.2.mga5 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›