Arnina
Reputation: 11
Streamlit Tornado vulnerability
Apparently Tornado is vulnerable to proxy cache poisoning.
Would that mitigate it if I disabled cache setting in the Streamlit config file? If not is there is a way to avoid any risk from that vulnerability? Thanks.
Upvotes: 1
Views: 615
Answers (1)
Ben Darnell
Reputation: 22154
This issue is actually found in the python standard library, not in Tornado itself. It is fixed in Python 3.6.13, 3.7.10, 3.8.8, and 3.9.2 (or higher versions in each branch).
CVE-2021-23336 for Python is replacing CVE-2020-28476 for Tornado according to this comment by the researcher who discovered the issue.
Upvotes: 1
Related Questions
- Correct use of streamz with websocket
- Tornado and tornado.iostream.PipeIOStream
- Tornado endpoint matching
- Python tornado tornado.iostream.StreamClosedError
- Tornado asyncio questions
- tornado demo code, NameError: name 'stream' is not defined
- Simplest tornado.gen example
- is there any Pyloris-like for Tornado?
- Difference from Twisted and Tornado?
- Tornado is "a relatively simple, non-blocking web server framework written in Python"--can somewhat explain what that means?