OESA-2026-1673
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1673
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1673.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-1673
- Upstream
- Published
- 2026-03-20T14:25:06Z
- Modified
- 2026-03-20T14:30:50.548083Z
- Summary
- python-tornado security update
- Details
-
Tornado is an open source version of the scalable, non-blocking web server and tools.
Security Fix(es):
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.(CVE-2026-31958)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS-SP2 / python-tornado
Package
- Name
- python-tornado
- Purl
- pkg:rpm/openEuler/python-tornado&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.5-3.oe2403sp2
Ecosystem specific
{
"aarch64": [
"python-tornado-debuginfo-6.5-3.oe2403sp2.aarch64.rpm",
"python-tornado-debugsource-6.5-3.oe2403sp2.aarch64.rpm",
"python-tornado-help-6.5-3.oe2403sp2.aarch64.rpm",
"python3-tornado-6.5-3.oe2403sp2.aarch64.rpm"
],
"x86_64": [
"python-tornado-debuginfo-6.5-3.oe2403sp2.x86_64.rpm",
"python-tornado-debugsource-6.5-3.oe2403sp2.x86_64.rpm",
"python-tornado-help-6.5-3.oe2403sp2.x86_64.rpm",
"python3-tornado-6.5-3.oe2403sp2.x86_64.rpm"
],
"src": [
"python-tornado-6.5-3.oe2403sp2.src.rpm"
]
}