Web Cache Poisoning in tornado

Do your applications use this vulnerable package? Test your applications

Amendment

This was deemed not a vulnerability.

Overview

Affected versions of this package are vulnerable to Web Cache Poisoning. The root cause of this vulnerability was determined to by a python issue, see here for more details. Upgrade to a fixed version of python to ensure your application is secure.

References

Web Cache Poisoning - Snyk Research Blog

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

Low
Availability

High

Credit: Snyk Security Team
CVE: CVE-2020-28476
CWE: CWE-444
Snyk ID: SNYK-PYTHON-TORNADO-1017109
Disclosed: 13 Oct, 2020
Published: 18 Jan, 2021

Web Cache Poisoning
Affecting tornado package, versions [,0]

Amendment

Overview

References

CVSS Score

Web Cache Poisoning Affecting tornado package, versions [,0]

Amendment

Overview

References

Web Cache Poisoning
Affecting tornado package, versions [,0]