NextGuard
UNKNOWNCVE-2026-35536

Tornado has cookie attribute injection via .RequestHandler.set_cookie

Platform

python

Component

tornado

Fixed in

6.5.5

View on NVD

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to `.RequestHandler.set_cookie` were not checked for crafted characters.

How to fix

Actualice a la versión 6.5.5 o superior de Tornado. Esta versión corrige la vulnerabilidad de inyección de atributos de cookies al validar correctamente los argumentos domain, path y samesite en .RequestHandler.set_cookie.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free