SNYK-PYTHON-TORNADO-1017109

SNYK-PYTHON-TORNADO-1017109 PUBLISHED CVSS 5.900000095367432 MEDIUM

## Amendment This was deemed not a vulnerability. ## Overview [tornado](https://github.com/tornadoweb/tornado) is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Web Cache Poisoning. The root cause of this vulnerability was determined to by a python issue, [see here for more details](https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933). Upgrade to a fixed version of python to ensure your application is secure. ## References - [Web Cache Poisoning - Snyk Research Blog](https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/)

Risk Scores

CVSS 3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C

Affected Products

Vendor	Product	Versions

Timeline

Oct 13, 2020 CVE Updated
Jan 18, 2021 CVE Published

References

https://security.snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109 advisory
https://github.com/tornadoweb/tornado technical
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 technical
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ technical

Open in Interactive Console →