CNNVD-202512-2384 Information
CNNVD ID
CNNVD-202512-2384
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
Tornado是中国龙卷风科技(Tornado)社区的一个Python Web框架和异步网络库。该库通过使用非阻塞网络I / O,可以扩展到成千上万的开放连接,使其非常适合 长时间轮询, WebSocket和其他需要与每个用户建立长期连接的应用程序。 Tornado 6.5.2及之前版本存在安全漏洞,该漏洞源于解析HTTP头参数时使用低效算法,可能导致拒绝服务攻击。
Description (English)
Tornado is a Python Web framework and a walk-in network library for the Tornado community in China. By using a non-stop network I/O, the library can extend to thousands of open connections, making it well suited to long-duration rotations, WebSocket and other applications that require long-term connectivity with each user. Tornado 6.5.2 and previous versions had a security loophole, which stemmed from the use of inefficient algorithms to decipher HTTP head parameters, which could lead to a denial of service attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
龙卷风科技
Published
2025-12-12
Last Modified
2026-02-24
References
https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd https://github.com/tornadoweb/tornado/releases/tag/v6.5.3 https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
Patch
https://github.com/tornadoweb/tornado/tags
Share on: