GHSA-78cv-mqj4-43f7
ADVISORY - githubSummary
Values passed to the domain, path, and samesite arguments of RequestHandler.set_cookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes.
Common Weakness Enumeration (CWE)
ADVISORY - github
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in