Nixpkgs security tracker
7.2 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
In Tornado before 6.5.5, cookie attribute injection could occur because …
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.
References
Affected products
- <6.5.5
Matching in nixpkgs
pkgs.python312Packages.tornado
Web framework and asynchronous networking library
pkgs.python313Packages.tornado
Web framework and asynchronous networking library
pkgs.python314Packages.tornado
Web framework and asynchronous networking library
pkgs.python312Packages.pytest-tornado
Py.test plugin providing fixtures and markers to simplify testing of asynchronous tornado applications
pkgs.python312Packages.sockjs-tornado
SockJS python server implementation on top of Tornado framework
pkgs.python313Packages.pytest-tornado
Py.test plugin providing fixtures and markers to simplify testing of asynchronous tornado applications
pkgs.python313Packages.sockjs-tornado
SockJS python server implementation on top of Tornado framework
pkgs.python314Packages.pytest-tornado
Py.test plugin providing fixtures and markers to simplify testing of asynchronous tornado applications
pkgs.python314Packages.sockjs-tornado
SockJS python server implementation on top of Tornado framework
Package maintainers
-
@abbradar Nikolay Amiantov <ab@fmap.me>