CNNVD-202512-2389 Information
CNNVD ID
CNNVD-202512-2389
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
Tornado是中国龙卷风科技(Tornado)社区的一个Python Web框架和异步网络库。该库通过使用非阻塞网络I / O,可以扩展到成千上万的开放连接,使其非常适合 长时间轮询, WebSocket和其他需要与每个用户建立长期连接的应用程序。 Tornado 6.5.2及之前版本存在资源管理错误漏洞,该漏洞源于HTTPHeaders.add方法存在字符串连接问题,可能导致拒绝服务攻击。
Description (English)
Tornado is a Python Web framework and a walk-in network library for the Tornado community in China. By using a non-stop network I/O, the library can extend to thousands of open connections, making it well suited to long-duration rotations, WebSocket and other applications that require long-term connectivity with each user. Tornado 6.5.2 and earlier versions had an error in resource management, which stemmed from a string connection problem with the HTTP Headers.add method, which could lead to a denial of service attack.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
龙卷风科技
Published
2025-12-12
Last Modified
2026-02-24
References
https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd https://github.com/tornadoweb/tornado/releases/tag/v6.5.3 https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
Patch
https://github.com/tornadoweb/tornado/tags
Share on: