CVE-2024-52804
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 400
CWE ID 770
Summary
CVE-2024-52804 is a vulnerability affecting the Python web framework and networking library, Tornado. The issue lies in the algorithm used to parse HTTP cookies, which can have quadratic complexity when processing maliciously crafted cookie headers. This can result in excessive CPU consumption and potentially cause the event loop thread to block, hindering the processing of other requests. The vulnerability is resolved in Tornado version 6.4.2.
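A dependency check against the fixed release named above, as an added example that is not part of the original advisory or of Tornado itself. It assumes pip-style requirement lines; the sample lines and the package name `tornado-helper` are constructed for illustration, and only exact numeric `==` pins are judged automatically, with everything else marked for manual review.

```python
import re
from importlib.metadata import PackageNotFoundError, version

FIXED = (6, 4, 2)  # first fixed Tornado release, per the summary above

# A requirement line naming exactly "tornado" (not e.g. "tornado-helper"),
# with optional extras; the specifier ends at a comment or environment marker.
_REQ = re.compile(r"^\s*tornado(?![\w.-])\s*(?:\[[^\]]*\])?\s*(?P<spec>[^#;]*)", re.I)
_PIN = re.compile(r"^==\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """Turn '6.4' into (6, 4, 0); handles numeric release segments only."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(line):
    """Return 'vulnerable', 'fixed', 'review', or None if not a tornado line."""
    m = _REQ.match(line)
    if not m:
        return None
    pin = _PIN.match(m.group("spec").strip())
    if not pin:
        return "review"  # range, wildcard, pre-release or unpinned
    return "fixed" if parse_version(pin.group(1)) >= FIXED else "vulnerable"


def audit(lines):
    """List (requirement line, verdict) for every line that names tornado."""
    return [(l.strip(), v) for l in lines if (v := classify(l))]


def installed_status():
    """Classify the Tornado installed in this environment, or None if absent."""
    try:
        return classify("tornado==" + version("tornado"))
    except PackageNotFoundError:
        return None


# Constructed sample input, not taken from any real project.
SAMPLE = ["requests==2.32.3", "tornado==6.4.1", "tornado-helper==1.0",
          "Tornado[curl]==6.3.3 ; python_version > '3.8'",
          "tornado>=6.1  # range", "tornado==6.4.2"]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:10} {line}")
    print("installed:", installed_status())
```

A `review` verdict means the resolver could still select a release earlier than 6.4.2, so the lock file or the installed environment needs checking.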