CVE-2024-52804

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 400
CWE ID 770

Summary

CVE-2024-52804 is a vulnerability affecting the Python web framework and networking library, Tornado. The issue lies in the algorithm used to parse HTTP cookies, which can have quadratic complexity when processing maliciously crafted cookie headers. This can result in excessive CPU consumption and potentially cause the event loop thread to block, hindering the processing of other requests. The vulnerability is resolved in Tornado version 6.4.2.
